use of org.forgerock.oauth2.core.exceptions.InvalidGrantException in project OpenAM by OpenRock.
the class OpenAMTokenStore method createDeviceCode.
/**
* {@inheritDoc}
*/
public DeviceCode createDeviceCode(Set<String> scope, ResourceOwner resourceOwner, String clientId, String nonce, String responseType, String state, String acrValues, String prompt, String uiLocales, String loginHint, Integer maxAge, String claims, OAuth2Request request, String codeChallenge, String codeChallengeMethod) throws ServerException, NotFoundException {
logger.message("DefaultOAuthTokenStoreImpl::Creating Authorization code");
final OAuth2ProviderSettings providerSettings = providerSettingsFactory.get(request);
final String deviceCode = UUID.randomUUID().toString();
final StringBuilder codeBuilder = new StringBuilder(CODE_LENGTH);
String userCode = null;
int i;
for (i = 0; i < NUM_RETRIES; i++) {
for (int k = 0; k < CODE_LENGTH; k++) {
codeBuilder.append(ALPHABET.charAt(secureRandom.nextInt(ALPHABET.length())));
}
try {
readDeviceCode(codeBuilder.toString(), request);
codeBuilder.delete(0, codeBuilder.length());
// code can be found - try again
} catch (InvalidGrantException e) {
// Good, it doesn't exist yet.
userCode = codeBuilder.toString();
break;
} catch (ServerException e) {
logger.message("Could not query CTS, assume duplicate to be safe", e);
}
}
if (i == NUM_RETRIES) {
throw new ServerException("Could not generate a unique user code");
}
long expiryTime = System.currentTimeMillis() + (1000 * providerSettings.getDeviceCodeLifetime());
String resourceOwnerId = resourceOwner == null ? null : resourceOwner.getId();
final DeviceCode code = new DeviceCode(deviceCode, userCode, resourceOwnerId, clientId, nonce, responseType, state, acrValues, prompt, uiLocales, loginHint, maxAge, claims, expiryTime, scope, realmNormaliser.normalise(request.<String>getParameter(REALM)), codeChallenge, codeChallengeMethod);
// Store in CTS
try {
tokenStore.create(code);
if (auditLogger.isAuditLogEnabled()) {
String[] obs = { "CREATED_DEVICE_CODE", code.toString() };
auditLogger.logAccessMessage("CREATED_DEVICE_CODE", obs, null);
}
} catch (CoreTokenException e) {
if (auditLogger.isAuditLogEnabled()) {
String[] obs = { "FAILED_CREATE_DEVICE_CODE", code.toString() };
auditLogger.logErrorMessage("FAILED_CREATE_DEVICE_CODE", obs, null);
}
logger.error("Unable to create device code " + code, e);
throw new ServerException("Could not create token in CTS");
}
request.setToken(DeviceCode.class, code);
return code;
}
use of org.forgerock.oauth2.core.exceptions.InvalidGrantException in project OpenAM by OpenRock.
the class OpenAMTokenStore method readRefreshToken.
/**
* {@inheritDoc}
*/
public RefreshToken readRefreshToken(OAuth2Request request, String tokenId) throws ServerException, InvalidGrantException, NotFoundException {
RefreshToken loaded = request.getToken(RefreshToken.class);
if (loaded != null) {
return loaded;
}
logger.message("Read refresh token");
JsonValue token;
try {
token = tokenStore.read(tokenId);
} catch (CoreTokenException e) {
logger.error("Unable to read refresh token corresponding to id: " + tokenId, e);
throw new ServerException("Could not read token in CTS: " + e.getMessage());
}
if (token == null) {
logger.error("Unable to read refresh token corresponding to id: " + tokenId);
throw new InvalidGrantException("grant is invalid");
}
OpenAMRefreshToken refreshToken = new OpenAMRefreshToken(token);
validateTokenRealm(refreshToken.getRealm(), request);
request.setToken(RefreshToken.class, refreshToken);
return refreshToken;
}
use of org.forgerock.oauth2.core.exceptions.InvalidGrantException in project OpenAM by OpenRock.
the class OpenAMTokenStore method updateDeviceCode.
@Override
public void updateDeviceCode(DeviceCode code, OAuth2Request request) throws ServerException, NotFoundException, InvalidGrantException {
try {
readDeviceCode(code.getClientId(), code.getDeviceCode(), request);
tokenStore.update(code);
} catch (CoreTokenException e) {
throw new ServerException("Could not update user code state");
}
}
use of org.forgerock.oauth2.core.exceptions.InvalidGrantException in project OpenAM by OpenRock.
the class OpenAMTokenStore method readAuthorizationCode.
/**
* {@inheritDoc}
*/
public AuthorizationCode readAuthorizationCode(OAuth2Request request, String code) throws InvalidGrantException, ServerException, NotFoundException {
AuthorizationCode loaded = request.getToken(AuthorizationCode.class);
if (loaded != null) {
return loaded;
}
logger.message("Reading Authorization code: {}", code);
final JsonValue token;
// Read from CTS
try {
token = tokenStore.read(code);
} catch (CoreTokenException e) {
logger.error("Unable to read authorization code corresponding to id: " + code, e);
throw new ServerException("Could not read token from CTS: " + e.getMessage());
}
if (token == null) {
logger.error("Unable to read authorization code corresponding to id: " + code);
throw new InvalidGrantException("The provided access grant is invalid, expired, or revoked.");
}
OpenAMAuthorizationCode authorizationCode = new OpenAMAuthorizationCode(token);
validateTokenRealm(authorizationCode.getRealm(), request);
request.setToken(AuthorizationCode.class, authorizationCode);
return authorizationCode;
}
use of org.forgerock.oauth2.core.exceptions.InvalidGrantException in project OpenAM by OpenRock.
the class OpenAMTokenStore method readAccessToken.
/**
* {@inheritDoc}
*/
public AccessToken readAccessToken(OAuth2Request request, String tokenId) throws ServerException, InvalidGrantException, NotFoundException {
AccessToken loaded = request.getToken(AccessToken.class);
if (loaded != null) {
return loaded;
}
logger.message("Reading access token");
JsonValue token;
// Read from CTS
try {
token = tokenStore.read(tokenId);
} catch (CoreTokenException e) {
logger.error("Unable to read access token corresponding to id: " + tokenId, e);
throw new ServerException("Could not read token in CTS: " + e.getMessage());
}
if (token == null) {
logger.error("Unable to read access token corresponding to id: " + tokenId);
throw new InvalidGrantException("Could not read token in CTS");
}
OpenAMAccessToken accessToken = new OpenAMAccessToken(token);
validateTokenRealm(accessToken.getRealm(), request);
request.setToken(AccessToken.class, accessToken);
return accessToken;
}
Aggregations