Use of org.gluu.oxauth.model.common.TokenTypeHint in project oxAuth by GluuFederation:
the class RevokeRestWebServiceImpl, method requestAccessToken (the OAuth 2.0 token revocation endpoint).
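/**
 * Token revocation endpoint (RFC 7009 style): resolves the grant that owns {@code token}
 * and removes the whole grant, but only when the caller is allowed to revoke it.
 *
 * The caller is identified by the authenticated session client or, when none is present,
 * by {@code clientId} — and that fallback is accepted only for public clients, which by
 * definition cannot authenticate. A token that cannot be found, or that was issued to a
 * different client, is silently ignored: a 200 is returned in every branch so the endpoint
 * does not act as an oracle for token validity or client/token ownership.
 *
 * @param token         the access or refresh token to revoke; checked by {@code validateToken}
 * @param tokenTypeHint optional hint resolved through {@code TokenTypeHint.getByValue}; when it
 *                      names a known type only that token store is searched (no fallback), when
 *                      absent or unrecognised the access-token store is tried first, then the
 *                      refresh-token store
 * @param clientId      client identifier, consulted only when no client is authenticated
 * @param request       incoming request; its source IP is recorded in the audit log
 * @param response      servlet response, passed through unchanged by this method
 * @param sec           security context, used only to log whether the transport was secure
 * @return the response produced by {@code response(builder, oAuth2AuditLog)} (200 OK in all paths)
 */
@Override
public Response requestAccessToken(String token, String tokenTypeHint, String clientId, HttpServletRequest request, HttpServletResponse response, SecurityContext sec) {
    // Never write the token itself to the log: access and refresh tokens are bearer
    // credentials, and debug logs are routinely shipped to less-trusted systems.
    log.debug("Attempting to revoke token: tokenPresent = {}, tokenTypeHint = {}, isSecure = {}", token != null && !token.isEmpty(), tokenTypeHint, sec.isSecure());
    OAuth2AuditLog oAuth2AuditLog = new OAuth2AuditLog(ServerUtil.getIpAddress(request), Action.TOKEN_REVOCATION);
    validateToken(token);
    Response.ResponseBuilder builder = Response.ok();

    // Prefer the authenticated client. Only fall back to the bare client_id for public
    // clients; a confidential client that failed to authenticate must not revoke anything.
    SessionClient sessionClient = identity.getSessionClient();
    Client client = sessionClient != null ? sessionClient.getClient() : null;
    if (client == null) {
        client = clientService.getClient(clientId);
        // Check for an unknown client before asking whether it is public, so that an
        // unknown client_id cannot reach isPublic() with a null argument.
        if (client == null) {
            log.trace("Client is unknown. Skip revoking.");
            return response(builder, oAuth2AuditLog);
        }
        if (!clientService.isPublic(client)) {
            log.trace("Client is not public and not authenticated. Skip revoking.");
            return response(builder, oAuth2AuditLog);
        }
    }
    oAuth2AuditLog.setClientId(client.getClientId());

    // Resolve the grant behind the token. A recognised hint restricts the search to that
    // store; otherwise the access-token store is searched first, then refresh tokens.
    TokenTypeHint tth = TokenTypeHint.getByValue(tokenTypeHint);
    AuthorizationGrant authorizationGrant;
    if (tth == TokenTypeHint.ACCESS_TOKEN) {
        authorizationGrant = authorizationGrantList.getAuthorizationGrantByAccessToken(token);
    } else if (tth == TokenTypeHint.REFRESH_TOKEN) {
        authorizationGrant = authorizationGrantList.getAuthorizationGrantByRefreshToken(client.getClientId(), token);
    } else {
        authorizationGrant = authorizationGrantList.getAuthorizationGrantByAccessToken(token);
        if (authorizationGrant == null) {
            authorizationGrant = authorizationGrantList.getAuthorizationGrantByRefreshToken(client.getClientId(), token);
        }
    }
    if (authorizationGrant == null) {
        log.trace("Unable to find token.");
        return response(builder, oAuth2AuditLog);
    }

    // The access-token lookup is not scoped by client, so enforce ownership here:
    // a client may only revoke tokens that were issued to it.
    if (!authorizationGrant.getClientId().equals(client.getClientId())) {
        log.trace("Token was issued with client {} but revoke is requested with client {}. Skip revoking.", authorizationGrant.getClientId(), client.getClientId());
        return response(builder, oAuth2AuditLog);
    }

    // Give the 'Revoke Token' custom script a veto before anything is removed.
    RevokeTokenContext revokeTokenContext = new RevokeTokenContext(request, client, authorizationGrant, builder);
    final boolean scriptResult = externalRevokeTokenService.revokeTokenMethods(revokeTokenContext);
    if (!scriptResult) {
        log.trace("Revoke is forbidden by 'Revoke Token' custom script (method returned false). Exit without revoking.");
        return response(builder, oAuth2AuditLog);
    }

    // Removal is by grant id, so every token belonging to this grant is revoked,
    // not only the one that was presented.
    grantService.removeAllByGrantId(authorizationGrant.getGrantId());
    log.trace("Revoked successfully.");
    return response(builder, oAuth2AuditLog);
}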