Example 1 with AccessToken
use of org.gluu.oxauth.model.common.AccessToken in project oxAuth by GluuFederation.
the class IntrospectionWebService method introspect.
private Response introspect(String p_authorization, String p_token, String tokenTypeHint, String responseAsJwt, HttpServletRequest httpRequest, HttpServletResponse httpResponse) {
try {
log.trace("Introspect token, authorization: {}, token to introspect: {}, tokenTypeHint: {}", p_authorization, p_token, tokenTypeHint);
AuthorizationGrant authorizationGrant = validateAuthorization(p_authorization, p_token);
if (StringUtils.isBlank(p_token)) {
log.trace("Bad request: Token is blank.");
return Response.status(Response.Status.BAD_REQUEST).type(MediaType.APPLICATION_JSON_TYPE).entity(errorResponseFactory.errorAsJson(AuthorizeErrorResponseType.INVALID_REQUEST, "")).build();
}
final IntrospectionResponse response = new IntrospectionResponse(false);
final AuthorizationGrant grantOfIntrospectionToken = authorizationGrantList.getAuthorizationGrantByAccessToken(p_token);
AbstractToken tokenToIntrospect = null;
if (grantOfIntrospectionToken != null) {
tokenToIntrospect = grantOfIntrospectionToken.getAccessToken(p_token);
response.setActive(tokenToIntrospect.isValid());
response.setExpiresAt(ServerUtil.dateToSeconds(tokenToIntrospect.getExpirationDate()));
response.setIssuedAt(ServerUtil.dateToSeconds(tokenToIntrospect.getCreationDate()));
response.setAcrValues(grantOfIntrospectionToken.getAcrValues());
// #433
response.setScope(grantOfIntrospectionToken.getScopes() != null ? grantOfIntrospectionToken.getScopes() : Lists.newArrayList());
response.setClientId(grantOfIntrospectionToken.getClientId());
response.setSub(grantOfIntrospectionToken.getSub());
response.setUsername(grantOfIntrospectionToken.getUserId());
response.setIssuer(appConfiguration.getIssuer());
response.setAudience(grantOfIntrospectionToken.getClientId());
if (tokenToIntrospect instanceof AccessToken) {
AccessToken accessToken = (AccessToken) tokenToIntrospect;
response.setTokenType(accessToken.getTokenType() != null ? accessToken.getTokenType().getName() : TokenType.BEARER.getName());
}
} else {
log.debug("Failed to find grant for access_token: " + p_token + ". Return 200 with active=false.");
}
JSONObject responseAsJsonObject = createResponseAsJsonObject(response, tokenToIntrospect);
ExternalIntrospectionContext context = new ExternalIntrospectionContext(authorizationGrant, httpRequest, httpResponse, appConfiguration, attributeService);
context.setGrantOfIntrospectionToken(grantOfIntrospectionToken);
if (externalIntrospectionService.executeExternalModifyResponse(responseAsJsonObject, context)) {
log.trace("Successfully run extenal introspection scripts.");
} else {
responseAsJsonObject = createResponseAsJsonObject(response, tokenToIntrospect);
log.trace("Canceled changes made by external introspection script since method returned `false`.");
}
// Make scopes conform as required by spec, see #1499
if (response.getScope() != null && !appConfiguration.getIntrospectionResponseScopesBackwardCompatibility()) {
String scopes = StringUtils.join(response.getScope().toArray(), " ");
responseAsJsonObject.put("scope", scopes);
}
if (Boolean.TRUE.toString().equalsIgnoreCase(responseAsJwt)) {
return Response.status(Response.Status.OK).entity(createResponseAsJwt(responseAsJsonObject, grantOfIntrospectionToken)).build();
}
return Response.status(Response.Status.OK).entity(responseAsJsonObject.toString()).type(MediaType.APPLICATION_JSON_TYPE).build();
} catch (WebApplicationException e) {
log.error(e.getMessage(), e);
throw e;
} catch (Exception e) {
log.error(e.getMessage(), e);
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).type(MediaType.APPLICATION_JSON_TYPE).build();
}
}
Also used :
AbstractToken(org.gluu.oxauth.model.common.AbstractToken)
JSONObject(org.json.JSONObject)
WebApplicationException(javax.ws.rs.WebApplicationException)
IntrospectionResponse(org.gluu.oxauth.model.common.IntrospectionResponse)
AccessToken(org.gluu.oxauth.model.common.AccessToken)
ExternalIntrospectionContext(org.gluu.oxauth.service.external.context.ExternalIntrospectionContext)
AuthorizationGrant(org.gluu.oxauth.model.common.AuthorizationGrant)
JSONException(org.json.JSONException)
IOException(java.io.IOException)
WebApplicationException(javax.ws.rs.WebApplicationException)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
Example 2 with AccessToken
use of org.gluu.oxauth.model.common.AccessToken in project oxAuth by GluuFederation.
the class PersistentJwt method toString.
@Override
public String toString() {
JSONObject jsonObject = new JSONObject();
try {
if (StringUtils.isNotBlank(userId)) {
jsonObject.put("user_id", userId);
}
if (StringUtils.isNotBlank(clientId)) {
jsonObject.put("client_id", clientId);
}
if (authorizationGrantType != null) {
jsonObject.put("authorization_grant_type", authorizationGrantType);
}
if (authenticationTime != null) {
jsonObject.put("authentication_time", authenticationTime.getTime());
}
if (scopes != null) {
JSONArray scopesJsonArray = new JSONArray();
for (String scope : scopes) {
scopesJsonArray.put(scope);
}
jsonObject.put("scopes", scopesJsonArray);
}
if (accessTokens != null) {
JSONArray accessTokensJsonArray = new JSONArray();
for (AccessToken accessToken : accessTokens) {
JSONObject accessTokenJsonObject = new JSONObject();
if (accessToken.getCode() != null && !accessToken.getCode().isEmpty()) {
accessTokenJsonObject.put("code", accessToken.getCode());
}
if (accessToken.getCreationDate() != null) {
accessTokenJsonObject.put("creation_date", accessToken.getCreationDate().getTime());
}
if (accessToken.getExpirationDate() != null) {
accessTokenJsonObject.put("expiration_date", accessToken.getExpirationDate().getTime());
}
accessTokensJsonArray.put(accessTokenJsonObject);
}
jsonObject.put("access_tokens", accessTokensJsonArray);
}
if (refreshTokens != null) {
JSONArray refreshTokensJsonArray = new JSONArray();
for (RefreshToken refreshToken : refreshTokens) {
JSONObject refreshTokenJsonObject = new JSONObject();
if (refreshToken.getCode() != null && !refreshToken.getCode().isEmpty()) {
refreshTokenJsonObject.put("code", refreshToken.getCode());
}
if (refreshToken.getCreationDate() != null) {
refreshTokenJsonObject.put("creation_date", refreshToken.getCreationDate().getTime());
}
if (refreshToken.getExpirationDate() != null) {
refreshTokenJsonObject.put("expiration_date", refreshToken.getExpirationDate().getTime());
}
}
jsonObject.put("refresh_tokens", refreshTokensJsonArray);
}
if (longLivedAccessToken != null) {
JSONObject longLivedAccessTokenJsonObject = new JSONObject();
if (longLivedAccessToken.getCode() != null && !longLivedAccessToken.getCode().isEmpty()) {
longLivedAccessTokenJsonObject.put("code", longLivedAccessToken.getCode());
}
if (longLivedAccessToken.getCreationDate() != null) {
longLivedAccessTokenJsonObject.put("creation_date", longLivedAccessToken.getCreationDate().getTime());
}
if (longLivedAccessToken.getExpirationDate() != null) {
longLivedAccessTokenJsonObject.put("expiration_date", longLivedAccessToken.getExpirationDate().getTime());
}
jsonObject.put("long_lived_access_token", longLivedAccessTokenJsonObject);
}
if (idToken != null) {
JSONObject idTokenJsonObject = new JSONObject();
if (idToken.getCode() != null && !idToken.getCode().isEmpty()) {
idTokenJsonObject.put("code", idToken.getCode());
}
if (idToken.getCreationDate() != null) {
idTokenJsonObject.put("creation_date", idToken.getCreationDate().getTime());
}
if (idToken.getExpirationDate() != null) {
idTokenJsonObject.put("expiration_date", idToken.getExpirationDate().getTime());
}
jsonObject.put("id_token", idTokenJsonObject);
}
} catch (JSONException e) {
log.error(e.getMessage(), e);
}
return jsonObject.toString();
}
Also used :
RefreshToken(org.gluu.oxauth.model.common.RefreshToken)
JSONObject(org.json.JSONObject)
AccessToken(org.gluu.oxauth.model.common.AccessToken)
JSONArray(org.json.JSONArray)
JSONException(org.json.JSONException)
Example 3 with AccessToken
use of org.gluu.oxauth.model.common.AccessToken in project oxAuth by GluuFederation.
the class PersistentJwt method load.
private boolean load(String jwt) throws JSONException {
boolean result = false;
JSONObject jsonObject = new JSONObject(jwt);
if (jsonObject.has("user_id")) {
userId = jsonObject.getString("user_id");
}
if (jsonObject.has("client_id")) {
clientId = jsonObject.getString("client_id");
}
if (jsonObject.has("authorization_grant_type")) {
authorizationGrantType = AuthorizationGrantType.fromString(jsonObject.getString("authorization_grant_type"));
}
if (jsonObject.has("authentication_time")) {
authenticationTime = new Date(jsonObject.getLong("authentication_time"));
}
if (jsonObject.has("scopes")) {
JSONArray jsonArray = jsonObject.getJSONArray("scopes");
scopes = Util.asList(jsonArray);
}
if (jsonObject.has("access_tokens")) {
JSONArray accessTokensJsonArray = jsonObject.getJSONArray("access_tokens");
accessTokens = new ArrayList<AccessToken>();
for (int i = 0; i < accessTokensJsonArray.length(); i++) {
JSONObject accessTokenJsonObject = accessTokensJsonArray.getJSONObject(i);
if (accessTokenJsonObject.has("code") && accessTokenJsonObject.has("creation_date") && accessTokenJsonObject.has("expiration_date")) {
String tokenCode = accessTokenJsonObject.getString("code");
Date creationDate = new Date(accessTokenJsonObject.getLong("creation_date"));
Date expirationDate = new Date(accessTokenJsonObject.getLong("expiration_date"));
AccessToken accessToken = new AccessToken(tokenCode, creationDate, expirationDate);
accessTokens.add(accessToken);
}
}
}
if (jsonObject.has("refresh_tokens")) {
JSONArray refreshTokensJsonArray = jsonObject.getJSONArray("refresh_tokens");
refreshTokens = new ArrayList<RefreshToken>();
for (int i = 0; i < refreshTokensJsonArray.length(); i++) {
JSONObject refreshTokenJsonObject = refreshTokensJsonArray.getJSONObject(i);
if (refreshTokenJsonObject.has("code") && refreshTokenJsonObject.has("creation_date") && refreshTokenJsonObject.has("expiration_date")) {
String tokenCode = refreshTokenJsonObject.getString("code");
Date creationDate = new Date(refreshTokenJsonObject.getLong("creation_date"));
Date expirationDate = new Date(refreshTokenJsonObject.getLong("expiration_date"));
RefreshToken refreshToken = new RefreshToken(tokenCode, creationDate, expirationDate);
refreshTokens.add(refreshToken);
}
}
}
if (jsonObject.has("long_lived_access_token")) {
JSONObject longLivedAccessTokenJsonObject = jsonObject.getJSONObject("long_lived_access_token");
if (longLivedAccessTokenJsonObject.has("code") && longLivedAccessTokenJsonObject.has("creation_date") && longLivedAccessTokenJsonObject.has("expiration_date")) {
String tokenCode = longLivedAccessTokenJsonObject.getString("code");
Date creationDate = new Date(longLivedAccessTokenJsonObject.getLong("creation_date"));
Date expirationDate = new Date(longLivedAccessTokenJsonObject.getLong("expiration_date"));
longLivedAccessToken = new AccessToken(tokenCode, creationDate, expirationDate);
}
}
if (jsonObject.has("id_token")) {
JSONObject idTokenJsonObject = jsonObject.getJSONObject("id_token");
if (idTokenJsonObject.has("code") && idTokenJsonObject.has("creation_date") && idTokenJsonObject.has("expiration_date")) {
String tokenCode = idTokenJsonObject.getString("code");
Date creationDate = new Date(idTokenJsonObject.getLong("creation_date"));
Date expirationDate = new Date(idTokenJsonObject.getLong("expiration_date"));
idToken = new IdToken(tokenCode, creationDate, expirationDate);
}
}
return result;
}
Also used :
IdToken(org.gluu.oxauth.model.common.IdToken)
RefreshToken(org.gluu.oxauth.model.common.RefreshToken)
JSONObject(org.json.JSONObject)
AccessToken(org.gluu.oxauth.model.common.AccessToken)
JSONArray(org.json.JSONArray)
Date(java.util.Date)
Aggregations
AccessToken (org.gluu.oxauth.model.common.AccessToken)3
JSONObject (org.json.JSONObject)3
RefreshToken (org.gluu.oxauth.model.common.RefreshToken)2
JSONArray (org.json.JSONArray)2
JSONException (org.json.JSONException)2
IOException (java.io.IOException)1
UnsupportedEncodingException (java.io.UnsupportedEncodingException)1
Date (java.util.Date)1
WebApplicationException (javax.ws.rs.WebApplicationException)1
AbstractToken (org.gluu.oxauth.model.common.AbstractToken)1
AuthorizationGrant (org.gluu.oxauth.model.common.AuthorizationGrant)1
IdToken (org.gluu.oxauth.model.common.IdToken)1
IntrospectionResponse (org.gluu.oxauth.model.common.IntrospectionResponse)1
ExternalIntrospectionContext (org.gluu.oxauth.service.external.context.ExternalIntrospectionContext)1
