use of org.forgerock.oauth2.core.exceptions.InvalidTokenException in project OpenAM by OpenRock.
the class OpenAMOpenIdConnectClientRegistrationService method getRegistration.
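/**
 * {@inheritDoc}
 *
 * Reads the client identified by {@code clientId} and returns its registration as a
 * JSON document. The caller must present the registration access token that was issued
 * to that client; the read is refused when it does not match. The stored registration
 * access token is stripped from the response before it is returned.
 *
 * @param clientId    the client identifier being queried; {@code null} is rejected
 * @param accessToken the registration access token presented by the caller; may be
 *                    {@code null}, which never matches
 * @param request     the OAuth2 request, passed through to the client DAO
 * @return the client metadata as a {@link JsonValue}, with {@code EXPIRES_AT} set to 0
 * @throws InvalidRequestException if no client id was supplied
 * @throws InvalidClientMetadata   if the client could not be read from the store
 * @throws InvalidTokenException   if the presented token does not match the client's
 *                                 stored registration access token (or either is missing)
 */
public JsonValue getRegistration(String clientId, String accessToken, OAuth2Request request) throws InvalidRequestException, InvalidClientMetadata, InvalidTokenException {
    if (clientId == null) {
        logger.error("ConnectClientRegistration.readRequest(): No client id sent");
        throw new InvalidRequestException();
    }

    final Client client;
    try {
        client = clientDAO.read(clientId, request);
    } catch (UnauthorizedClientException e) {
        logger.error("ConnectClientRegistration.Validate(): Unable to create client", e);
        throw new InvalidClientMetadata();
    }

    // The registration access token is a bearer credential: compare it without
    // short-circuiting on the first differing character so response timing does not
    // reveal how much of the presented value matched. A missing token on either side
    // is treated as a mismatch rather than dereferenced.
    if (!constantTimeEquals(client.getAccessToken(), accessToken)) {
        //client access token doesn't match the access token supplied in the request
        logger.error("ConnectClientRegistration.getClient(): Invalid accessToken");
        throw new InvalidTokenException();
    }

    //remove the client fields that don't need to be reported.
    client.remove(REGISTRATION_ACCESS_TOKEN.getType());
    final JsonValue response = new JsonValue(convertClientReadResponseFormat(client.asMap()));
    response.put(EXPIRES_AT, 0);
    return response;
}

/**
 * Compares two strings without stopping at the first differing character, so the time
 * taken depends on the length of {@code expected} rather than on where they diverge.
 *
 * @param expected  the stored credential
 * @param presented the value supplied by the caller
 * @return {@code true} only when both are non-null and identical
 */
private static boolean constantTimeEquals(String expected, String presented) {
    if (expected == null || presented == null) {
        return false;
    }
    // A length mismatch is folded into the result instead of returning early; the
    // expected string is always walked in full.
    final int presentedLength = presented.length();
    int diff = expected.length() ^ presentedLength;
    for (int i = 0; i < expected.length(); i++) {
        final char other = presentedLength == 0 ? 0 : presented.charAt(i % presentedLength);
        diff |= expected.charAt(i) ^ other;
    }
    return diff == 0;
}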
use of org.forgerock.oauth2.core.exceptions.InvalidTokenException in project OpenAM by OpenRock.
the class TokenInfoServiceImpl method getTokenInfo.
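/**
 * {@inheritDoc}
 *
 * Resolves the access token carried by the request and returns its token info merged
 * with the provider's scope evaluation. Exactly one transport must be used: the token is
 * accepted either in the Authorization header or in the query string, never in both.
 *
 * NOTE(review): accepting the token in the query string means it can end up in access
 * logs, browser history and Referer headers (RFC 6750 §2.3 discourages this transport);
 * confirm that callers really need it.
 *
 * @param request the OAuth2 request carrying the access token
 * @return a {@link JsonValue} holding the token's info entries plus the evaluated scope
 *         entries; on a key collision the scope evaluation wins, since it is merged last
 * @throws InvalidRequestException if no valid token was supplied, or one was supplied on
 *                                 both transports
 * @throws InvalidTokenException   propagated from the token verifiers or provider settings
 * @throws ExpiredTokenException   propagated from the token verifiers or provider settings
 * @throws ServerException         propagated from the token verifiers or provider settings
 * @throws BadRequestException     propagated from the token verifiers or provider settings
 * @throws InvalidGrantException   propagated from the token verifiers or provider settings
 * @throws NotFoundException       propagated from the token verifiers or provider settings
 */
public JsonValue getTokenInfo(OAuth2Request request) throws InvalidTokenException, InvalidRequestException, ExpiredTokenException, ServerException, BadRequestException, InvalidGrantException, NotFoundException {
    final AccessTokenVerifier.TokenState headerToken = headerTokenVerifier.verify(request);
    final AccessTokenVerifier.TokenState queryToken = queryTokenVerifier.verify(request);

    if (!headerToken.isValid() && !queryToken.isValid()) {
        logger.error("Access Token not valid");
        throw new InvalidRequestException("Access Token not valid");
    }
    if (headerToken.isValid() && queryToken.isValid()) {
        logger.error("Access Token provided in both query and header in request");
        throw new InvalidRequestException("Access Token cannot be provided in both query and header");
    }

    final AccessToken accessToken = request.getToken(AccessToken.class);
    // The token object is deliberately not concatenated into the log line: its string
    // form may contain the bearer token value, which must not be written to log files.
    logger.trace("In Validator resource - got token");

    final OAuth2ProviderSettings providerSettings = providerSettingsFactory.get(request);
    final Map<String, Object> scopeEvaluation = providerSettings.evaluateScope(accessToken);

    final Map<String, Object> response = new HashMap<String, Object>();
    response.putAll(accessToken.getTokenInfo());
    response.putAll(scopeEvaluation);
    return new JsonValue(response);
}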
use of org.forgerock.oauth2.core.exceptions.InvalidTokenException in project OpenAM by OpenRock.
the class AccessTokenProtectionFilter method beforeHandle.
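/**
 * Restlet filter hook: authenticates the request with the access token carried in its
 * challenge response before the wrapped resource runs.
 *
 * Outcomes, in order of evaluation: no challenge response, a token that cannot be read
 * or has expired, or an {@link InvalidGrantException} all yield 401 with an
 * {@link InvalidTokenException}; a token lacking {@code requiredScope} (when one is
 * configured) yields 403; a {@link ServerException} yields 500; a
 * {@link NotFoundException} yields 404. Otherwise the token is attached to the
 * {@link OAuth2Request} and the request continues to the superclass.
 *
 * NOTE(review): an unknown token id is reported as 404 while an expired or unreadable
 * one is 401, so the status code tells a caller whether a token id was ever issued;
 * RFC 6750 returns 401 (invalid_token) for both. Confirm the distinction is intended.
 *
 * @param request  the incoming Restlet request
 * @param response the response, whose status is set on failure
 * @return {@code STOP} when the request was rejected, else the superclass result
 */
@Override
protected int beforeHandle(Request request, Response response) {
    Status failure = null;

    final ChallengeResponse challengeResponse = request.getChallengeResponse();
    if (challengeResponse == null) {
        failure = new Status(401, new InvalidTokenException());
    } else {
        // The raw challenge value is used as the token id as-is; presumably the
        // scheme is validated elsewhere — verify against the filter's configuration.
        final String tokenId = challengeResponse.getRawValue();
        try {
            final OAuth2Request oAuth2Request = requestFactory.create(request);
            final AccessToken accessToken = tokenStore.readAccessToken(oAuth2Request, tokenId);
            if (accessToken == null || accessToken.isExpired()) {
                failure = new Status(401, new InvalidTokenException());
            } else if (requiredScope != null && !accessToken.getScope().contains(requiredScope)) {
                failure = new Status(403, new InsufficientScopeException(requiredScope));
            } else {
                oAuth2Request.setToken(AccessToken.class, accessToken);
            }
        } catch (ServerException e) {
            failure = new Status(500, e);
        } catch (NotFoundException e) {
            // The token id is a bearer credential; it is not written to the log.
            debug.message("Error loading token", e);
            failure = new Status(404, e);
        } catch (InvalidGrantException e) {
            // Same: log the failure, never the credential that caused it.
            debug.message("Error loading token", e);
            failure = new Status(401, new InvalidTokenException());
        }
    }

    if (failure != null) {
        response.setStatus(failure);
        return STOP;
    }
    return super.beforeHandle(request, response);
}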
use of org.forgerock.oauth2.core.exceptions.InvalidTokenException in project OpenAM by OpenRock.
the class UserInfoServiceImpl method getUserInfo.
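/**
 * {@inheritDoc}
 *
 * Resolves the access token presented with the request and returns the user info the
 * provider settings derive from it. The token must arrive on exactly one transport: the
 * Authorization header or the form body, never both.
 *
 * NOTE(review): the "both transports" case is reported as a {@link ServerException},
 * i.e. a server-side failure, although it is a client mistake; the equivalent check in
 * TokenInfoServiceImpl raises InvalidRequestException. Worth aligning.
 *
 * @param request the OAuth2 request carrying the access token
 * @return a {@link JsonValue} holding the user info values
 * @throws InvalidTokenException if no token was supplied, or the supplied token id does
 *                               not resolve to a current (non-expired) access token
 * @throws ServerException       if a token was supplied in both the form and the header
 * @throws OAuth2Exception       propagated from the token store or provider settings
 */
public JsonValue getUserInfo(OAuth2Request request) throws OAuth2Exception {
    final AccessTokenVerifier.TokenState headerToken = headerTokenVerifier.verify(request);
    final AccessTokenVerifier.TokenState formToken = formTokenVerifier.verify(request);
    final boolean inHeader = headerToken.isValid();
    final boolean inForm = formToken.isValid();

    if (!inHeader && !inForm) {
        logger.debug("No access token provided for this request.");
        throw new InvalidTokenException();
    }
    if (inHeader && inForm) {
        logger.debug("Access token provided in both form and header.");
        throw new ServerException("Access Token cannot be provided in both form and header");
    }

    final String tokenId = inHeader ? headerToken.getTokenId() : formToken.getTokenId();
    final AccessToken token = tokenStore.readAccessToken(request, tokenId);
    // The store can return no token for an id that passed the verifier, and the token
    // it returns may already have expired; neither may be used to release user claims.
    if (token == null || token.isExpired()) {
        logger.debug("Access token not found or expired.");
        throw new InvalidTokenException();
    }

    final OAuth2ProviderSettings providerSettings = providerSettingsFactory.get(request);
    return new JsonValue(providerSettings.getUserInfo(token, request).getValues());
}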