
Example 1 with OAuthUnauthenticatedTokenRequest

Use of org.apache.oltu.oauth2.as.request.OAuthUnauthenticatedTokenRequest in project Kustvakt by KorAP.

From the class OAuth2Controller, method requestAccessToken:

/**
 * Grants a client an access token, namely a string used in
 * authenticated requests representing user authorization for
 * the client to access user resources. An additional refresh
 * token strictly associated to the access token is also granted
 * for confidential clients. Both public and confidential clients
 * may issue multiple access tokens.
 *
 * <br /><br />
 *
 * Confidential clients may also use this endpoint to exchange a
 * refresh token for a new access token.
 *
 * Usually the given refresh token is not changed and can be used
 * until it expires. However, Kustvakt currently allows only one
 * access token per refresh token. Thus, the given refresh token
 * will be revoked, and a new access token together with a new
 * refresh token will be returned.
 *
 * <br /><br />
 *
 * Client credentials for authentication can be provided either as
 * an authorization header with Basic authentication scheme or as
 * form parameters in the request body.
 *
 * <br /><br />
 *
 * The OAuth 2.0 specification describes various ways of requesting
 * an access token. Kustvakt supports:
 * <ul>
 * <li> Authorization code grant: obtains authorization on behalf
 * of a user for a third-party application. Required parameters:
 * grant_type, code, client_id, redirect_uri (if specified in the
 * authorization request), client_secret (if the client is
 * confidential or was issued a secret).
 * </li>
 * <li> Resource owner password grant: strictly for clients that
 * are part of KorAP and collect user credentials themselves, e.g.
 * Kalamar (the front-end) with its login form. Required
 * parameters: grant_type, username, password, client_id,
 * client_secret (if the client is confidential or was issued a
 * secret). Optional parameters: scope.
 * </li>
 * <li> Client credentials grant: strictly for clients that are
 * part of KorAP. Clients access their own resources, not on
 * behalf of a user. Required parameters: grant_type, client_id,
 * client_secret. Optional parameters: scope.
 * </li>
 * </ul>
 *
 * RFC 6749: The value of the scope parameter is expressed as a
 * list of space-delimited, case-sensitive strings defined by the
 * authorization server.
 *
 * @param request
 *            the request
 * @param form
 *            form parameters in a map
 * @return a JSON object containing an access token, a refresh
 *         token, a token type and the token expiration in seconds
 *         if successful, an error code and an error description
 *         otherwise.
 */
@POST
@Path("token")
@ResourceFilters({ APIVersionFilter.class })
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
@Produces(MediaType.APPLICATION_JSON + ";charset=utf-8")
public Response requestAccessToken (@Context HttpServletRequest request,
        @FormParam("grant_type") String grantType,
        MultivaluedMap<String, String> form) {
    try {
        boolean grantTypeExist = grantType != null && !grantType.isEmpty();
        AbstractOAuthTokenRequest oAuthRequest = null;
        if (grantTypeExist && grantType.equals(GrantType.CLIENT_CREDENTIALS.toString())) {
            oAuthRequest = new OAuthTokenRequest(new FormRequestWrapper(request, form));
        } else {
            oAuthRequest = new OAuthUnauthenticatedTokenRequest(new FormRequestWrapper(request, form));
        }
        OAuthResponse oAuthResponse = tokenService.requestAccessToken(oAuthRequest);
        return responseHandler.createResponse(oAuthResponse);
    } catch (KustvaktException e) {
        throw responseHandler.throwit(e);
    } catch (OAuthProblemException e) {
        throw responseHandler.throwit(e);
    } catch (OAuthSystemException e) {
        throw responseHandler.throwit(e);
    }
}
Also used (imports referenced by this method):

import com.sun.jersey.spi.container.ResourceFilters;
import de.ids_mannheim.korap.exceptions.KustvaktException;
import de.ids_mannheim.korap.web.utils.FormRequestWrapper;
import javax.ws.rs.Consumes;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import org.apache.oltu.oauth2.as.request.AbstractOAuthTokenRequest;
import org.apache.oltu.oauth2.as.request.OAuthTokenRequest;
import org.apache.oltu.oauth2.as.request.OAuthUnauthenticatedTokenRequest;
import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
import org.apache.oltu.oauth2.common.message.OAuthResponse;
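The Javadoc above states the contract of the token endpoint: which form parameters each grant type requires, that client credentials may arrive either in a Basic Authorization header or as form parameters, and that scope is a list of space-delimited, case-sensitive strings. The following is an added example, written here in Python rather than taken from Kustvakt, that validates a raw token request against exactly that contract before any token is issued. The client registry (CLIENTS), the client ids, secrets and scope names are constructed placeholders, not Kustvakt's. It goes a little beyond the Javadoc in two places that RFC 6749 mandates: it rejects parameters sent more than once, rejects a request that mixes Basic authentication with form-body credentials, and checks each scope token against the scope-token character set of RFC 6749 section 3.3.

```python
"""Added example: validate an OAuth 2.0 token request against the endpoint
contract documented in the Kustvakt Javadoc. Not Kustvakt code; the client
registry and all identifiers below are constructed for illustration."""
import base64
import binascii
import hmac
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple
from urllib.parse import parse_qs

# Constructed client registry (hypothetical ids and secrets):
# client_id -> (is_confidential, issued secret or None)
CLIENTS: Dict[str, Tuple[bool, Optional[str]]] = {
    "kalamar-example": (True, "kalamar-example-secret"),
    "public-app-example": (False, None),
}

# Required parameters per grant type, as listed in the Javadoc above.
# client_secret is always required for client_credentials; for the other
# grants it is required only if the client is confidential or was issued one.
REQUIRED: Dict[str, Tuple[str, ...]] = {
    "authorization_code": ("code", "client_id"),
    "password": ("username", "password", "client_id"),
    "client_credentials": ("client_id", "client_secret"),
}

# scope-token = 1*( %x21 / %x23-5B / %x5D-7E )   (RFC 6749, section 3.3)
SCOPE_TOKEN = re.compile(r"^[\x21\x23-\x5b\x5d-\x7e]+$")


class TokenRequestError(Exception):
    """Carries the OAuth 2.0 error code and description the endpoint returns."""

    def __init__(self, error: str, description: str) -> None:
        super().__init__(f"{error}: {description}")
        self.error = error
        self.description = description


@dataclass
class TokenRequest:
    grant_type: str
    client_id: str
    client_secret: Optional[str]
    params: Dict[str, str]
    scope: List[str] = field(default_factory=list)


def basic_header(client_id: str, secret: str) -> Dict[str, str]:
    """Build the Authorization header a confidential client would send."""
    token = base64.b64encode(f"{client_id}:{secret}".encode()).decode()
    return {"Authorization": f"Basic {token}"}


def _basic_credentials(headers: Dict[str, str]) -> Optional[Tuple[str, str]]:
    """Return (client_id, client_secret) from a Basic Authorization header, if any."""
    auth = next((v for k, v in headers.items() if k.lower() == "authorization"), "")
    scheme, _, value = auth.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(value.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        raise TokenRequestError("invalid_client", "malformed Basic credentials")
    client_id, sep, secret = decoded.partition(":")
    if not sep or not client_id:
        raise TokenRequestError("invalid_client", "malformed Basic credentials")
    return client_id, secret


def parse_token_request(headers: Dict[str, str], body: str) -> TokenRequest:
    """Parse a form-encoded token request body and enforce the documented rules."""
    raw = parse_qs(body, keep_blank_values=True)
    repeated = [k for k, v in raw.items() if len(v) > 1]
    if repeated:  # RFC 6749 section 3.2: no parameter may appear more than once
        raise TokenRequestError("invalid_request", f"parameter repeated: {repeated[0]}")
    form = {k: v[0] for k, v in raw.items()}

    grant_type = form.get("grant_type", "")
    if not grant_type:
        raise TokenRequestError("invalid_request", "grant_type is missing")
    if grant_type not in REQUIRED:
        raise TokenRequestError("unsupported_grant_type", f"unsupported grant_type {grant_type!r}")

    # Client credentials: Basic header or form body, never both (RFC 6749 section 2.3.1).
    basic = _basic_credentials(headers)
    if basic is not None:
        if "client_secret" in form or ("client_id" in form and form["client_id"] != basic[0]):
            raise TokenRequestError("invalid_request", "more than one client authentication method used")
        client_id, client_secret = basic
    else:
        client_id, client_secret = form.get("client_id", ""), form.get("client_secret")

    for name in REQUIRED[grant_type]:
        value = {"client_id": client_id, "client_secret": client_secret}.get(name, form.get(name))
        if not value:
            raise TokenRequestError("invalid_request", f"missing required parameter {name}")

    if client_id not in CLIENTS:
        raise TokenRequestError("invalid_client", "unknown client")
    confidential, issued_secret = CLIENTS[client_id]
    if confidential or issued_secret is not None:
        if client_secret is None:
            raise TokenRequestError("invalid_client", "client authentication required")
        if not hmac.compare_digest(client_secret.encode(), (issued_secret or "").encode()):
            raise TokenRequestError("invalid_client", "client authentication failed")

    # Scope: space-delimited, case-sensitive; keep each token exactly as sent.
    scope = [s for s in form.get("scope", "").split(" ") if s]
    for token in scope:
        if not SCOPE_TOKEN.match(token):
            raise TokenRequestError("invalid_scope", f"malformed scope token {token!r}")
    return TokenRequest(grant_type, client_id, client_secret, form, scope)


def error_code(headers: Dict[str, str], body: str) -> Optional[str]:
    """Return the OAuth error code a request would produce, or None if it validates."""
    try:
        parse_token_request(headers, body)
    except TokenRequestError as exc:
        return exc.error
    return None


if __name__ == "__main__":
    ok = parse_token_request(basic_header("kalamar-example", "kalamar-example-secret"),
                             "grant_type=password&username=alice&password=pw&scope=search%20match_info")
    print(ok.grant_type, ok.client_id, ok.scope)
    print(error_code({}, "grant_type=password&username=alice&password=pw&client_id=kalamar-example"))
```

The secret comparison uses hmac.compare_digest so that a wrong secret takes the same time to reject regardless of where it first differs; in a real server the registry lookup would hit a database and the secret would be stored hashed, which this constructed registry does not model.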
