Example 1 with RevokeTokenContext

Use of org.gluu.oxauth.service.external.context.RevokeTokenContext in the oxAuth project by GluuFederation.

From the class RevokeRestWebServiceImpl, method requestAccessToken (the handler behind the token revocation endpoint).

// Imports as listed under "Also used" for this example, plus the two standard
// javax types that appear in the method signature (HttpServletRequest, SecurityContext).
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;

import org.gluu.oxauth.model.audit.OAuth2AuditLog;
import org.gluu.oxauth.model.common.AuthorizationGrant;
import org.gluu.oxauth.model.common.TokenTypeHint;
import org.gluu.oxauth.model.registration.Client;
import org.gluu.oxauth.model.session.SessionClient;
import org.gluu.oxauth.service.external.context.RevokeTokenContext;

// The members used below (log, identity, clientService, authorizationGrantList,
// externalRevokeTokenService, grantService, validateToken, response, Action, ServerUtil)
// are injected fields and helpers of the enclosing RevokeRestWebServiceImpl class
// and are not part of this excerpt.
@Override
public Response requestAccessToken(String token, String tokenTypeHint, String clientId, HttpServletRequest request, HttpServletResponse response, SecurityContext sec) {
    log.debug("Attempting to revoke token: token = {}, tokenTypeHint = {}, isSecure = {}", token, tokenTypeHint, sec.isSecure());
    OAuth2AuditLog oAuth2AuditLog = new OAuth2AuditLog(ServerUtil.getIpAddress(request), Action.TOKEN_REVOCATION);
    // Reject a malformed or empty token before any lookup is attempted.
    validateToken(token);
    // As RFC 7009 requires, the endpoint answers 200 whether or not anything was revoked,
    // so every early exit below returns the same response and does not reveal whether
    // the token existed or who it belonged to.
    Response.ResponseBuilder builder = Response.ok();
    // Prefer the client that authenticated on this request; fall back to the client_id
    // parameter only when that client is registered as public (no credentials to check).
    SessionClient sessionClient = identity.getSessionClient();
    Client client = sessionClient != null ? sessionClient.getClient() : null;
    if (client == null) {
        client = clientService.getClient(clientId);
        if (!clientService.isPublic(client)) {
            log.trace("Client is not public and not authenticated. Skip revoking.");
            return response(builder, oAuth2AuditLog);
        }
    }
    if (client == null) {
        log.trace("Client is unknown. Skip revoking.");
        return response(builder, oAuth2AuditLog);
    }
    oAuth2AuditLog.setClientId(client.getClientId());
    TokenTypeHint tth = TokenTypeHint.getByValue(tokenTypeHint);
    AuthorizationGrant authorizationGrant = null;
    if (tth == TokenTypeHint.ACCESS_TOKEN) {
        authorizationGrant = authorizationGrantList.getAuthorizationGrantByAccessToken(token);
    } else if (tth == TokenTypeHint.REFRESH_TOKEN) {
        authorizationGrant = authorizationGrantList.getAuthorizationGrantByRefreshToken(client.getClientId(), token);
    } else {
        // Since the hint about the type of the token submitted for revocation is optional,
        // oxAuth searches for it first as an access token and then as a refresh token.
        authorizationGrant = authorizationGrantList.getAuthorizationGrantByAccessToken(token);
        if (authorizationGrant == null) {
            authorizationGrant = authorizationGrantList.getAuthorizationGrantByRefreshToken(client.getClientId(), token);
        }
    }
    if (authorizationGrant == null) {
        log.trace("Unable to find token.");
        return response(builder, oAuth2AuditLog);
    }
    // Ownership check: a client may only revoke tokens that were issued to it.
    if (!authorizationGrant.getClientId().equals(client.getClientId())) {
        log.trace("Token was issued with client {} but revoke is requested with client {}. Skip revoking.", authorizationGrant.getClientId(), client.getClientId());
        return response(builder, oAuth2AuditLog);
    }
    // Give the deployment's "Revoke Token" custom script a chance to veto the revocation.
    RevokeTokenContext revokeTokenContext = new RevokeTokenContext(request, client, authorizationGrant, builder);
    final boolean scriptResult = externalRevokeTokenService.revokeTokenMethods(revokeTokenContext);
    if (!scriptResult) {
        log.trace("Revoke is forbidden by 'Revoke Token' custom script (method returned false). Exit without revoking.");
        return response(builder, oAuth2AuditLog);
    }
    // Revoking removes the whole grant, so every token issued under it stops working,
    // not only the one that was submitted.
    grantService.removeAllByGrantId(authorizationGrant.getGrantId());
    log.trace("Revoked successfully.");
    return response(builder, oAuth2AuditLog);
}