use of org.springframework.security.oauth2.common.OAuth2AccessToken in project spring-security-oauth by spring-projects.
the class AbstractClientCredentialsProviderTests method testPostForTokenWithNoScopes.
/**
 * Verifies that a client which requests no scope at all is still granted
 * its registered scopes as defaults, i.e. the issued token never carries
 * an empty scope set.
 */
@Test
@OAuth2ContextConfiguration(NoScopeClientCredentials.class)
public void testPostForTokenWithNoScopes() throws Exception {
    final OAuth2AccessToken granted = context.getAccessToken();
    final boolean scopeMissing = granted.getScope().isEmpty();
    assertFalse("Wrong scope: " + granted.getScope(), scopeMissing);
}
use of org.springframework.security.oauth2.common.OAuth2AccessToken in project spring-security-oauth by spring-projects.
the class AbstractRefreshTokenSupportTests method getAccessToken.
/**
 * Posts to the token endpoint as {@code clientId} asking for {@code scope}
 * and parses the JSON body into an access token.
 *
 * Beyond the 200 status the response must carry {@code Cache-Control: no-store}
 * (RFC 6749 section 5.1), so that no intermediary ever caches the issued credentials.
 *
 * @param scope    space-separated scopes to request
 * @param clientId the client to authenticate as
 * @return the parsed access token
 */
private OAuth2AccessToken getAccessToken(String scope, String clientId) throws Exception {
    MultiValueMap<String, String> formData = getTokenFormData(scope, clientId);
    HttpHeaders headers = getTokenHeaders(clientId);
    @SuppressWarnings("rawtypes")
    ResponseEntity<Map> response = http.postForMap(tokenPath(), headers, formData);
    assertEquals(HttpStatus.OK, response.getStatusCode());
    String cacheControl = response.getHeaders().getFirst("Cache-Control");
    assertTrue("Wrong cache control: " + cacheControl, cacheControl.contains("no-store"));
    @SuppressWarnings("unchecked")
    OAuth2AccessToken parsed = DefaultOAuth2AccessToken.valueOf(response.getBody());
    return parsed;
}
use of org.springframework.security.oauth2.common.OAuth2AccessToken in project spring-security-oauth by spring-projects.
the class AbstractRefreshTokenSupportTests method testHappyDay.
/**
 * Happy-day refresh flow: an access token obtained with the "read write"
 * scopes must come with a refresh token, and redeeming that refresh token
 * must yield a different access token value that still passes
 * {@code verifyAccessTokens}.
 */
@Test
public void testHappyDay() throws Exception {
    OAuth2AccessToken original = getAccessToken("read write", "my-trusted-client");
    assertNotNull(original.getRefreshToken());
    // Redeem the refresh token; the replacement must not reuse the old token value.
    String refreshValue = original.getRefreshToken().getValue();
    OAuth2AccessToken refreshed = refreshAccessToken(refreshValue);
    boolean reusedValue = refreshed.getValue().equals(original.getValue());
    assertFalse(reusedValue);
    verifyAccessTokens(original, refreshed);
}
use of org.springframework.security.oauth2.common.OAuth2AccessToken in project ORCID-Source by ORCID.
the class OpenIDController method getUserInfo.
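/** Manually checks the bearer token, looks up the user or returns 403.
 *
 * The token is read only from the {@code Authorization} header with the
 * {@code Bearer} scheme (scheme name compared case-insensitively as RFC 6750
 * section 2.1 requires). Any other scheme, a missing or malformed header, an
 * unknown or expired token, a token without the {@code openid} scope, or a
 * token not bound to an ORCID iD all yield 403.
 *
 * NOTE(review): RFC 6750 section 3 would prescribe 401 plus a
 * {@code WWW-Authenticate: Bearer} challenge for a missing/invalid token;
 * 403 is kept here to preserve the endpoint's existing contract.
 *
 * @param request the incoming request; only its {@code Authorization} header is read
 * @return 200 with the user's public details, or 403
 */
@RequestMapping(value = "/oauth/userinfo", method = { RequestMethod.GET, RequestMethod.POST }, produces = "application/json")
@ResponseBody
public ResponseEntity<OpenIDConnectUserInfo> getUserInfo(HttpServletRequest request) {
    //note we do not support form post per https://tools.ietf.org/html/rfc6750 because it's a MAY and pointless
    String tokenValue = extractBearerToken(request.getHeader("Authorization"));
    if (tokenValue == null) {
        return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
    }
    //lookup token, check it's valid, check scope.
    OAuth2AccessToken tok = tokenStore.readAccessToken(tokenValue);
    if (tok == null || tok.isExpired() || !hasOpenIdScope(tok)) {
        return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
    }
    Object orcidClaim = tok.getAdditionalInformation().get("orcid");
    if (orcidClaim == null) {
        // A token with no bound ORCID iD cannot identify a user; previously this was an NPE (500).
        return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
    }
    String orcid = orcidClaim.toString();
    Person person = personDetailsManagerReadOnly.getPublicPersonDetails(orcid);
    return ResponseEntity.ok(new OpenIDConnectUserInfo(orcid, person));
}

/**
 * Extracts the token from an {@code Authorization: Bearer <token>} header value.
 *
 * Unlike a blanket {@code replace("Bearer", "")}, this requires the header to
 * actually start with the Bearer scheme, so a {@code Basic} or other credential
 * is never passed to the token store as if it were a bearer token.
 *
 * @param authHeader raw header value, may be {@code null}
 * @return the token, or {@code null} if the header is absent, uses another scheme or carries no token
 */
private static String extractBearerToken(String authHeader) {
    if (authHeader == null) {
        return null;
    }
    String trimmed = authHeader.trim();
    // Scheme name is case-insensitive and must be followed by whitespace.
    if (trimmed.length() <= 7 || !trimmed.regionMatches(true, 0, "Bearer ", 0, 7)) {
        return null;
    }
    String token = trimmed.substring(7).trim();
    return token.isEmpty() ? null : token;
}

/**
 * @return {@code true} if any of the token's scopes covers {@link ScopePathType#OPENID}
 */
private static boolean hasOpenIdScope(OAuth2AccessToken tok) {
    for (ScopePathType scope : ScopePathType.getScopesFromStrings(tok.getScope())) {
        if (scope.hasScope(ScopePathType.OPENID)) {
            return true;
        }
    }
    return false;
}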
use of org.springframework.security.oauth2.common.OAuth2AccessToken in project ORCID-Source by ORCID.
the class OrcidClientCredentialEndPointDelegatorImpl method generateToken.
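/**
 * Builds a token request from the supplied grant parameters and hands it to the
 * token granter.
 *
 * For an authorization-code grant the persisted code is consulted: the
 * persistence flag and nonce are copied onto the request and, when the caller
 * supplied no scope, the scopes bound to the code are used instead. For a
 * refresh-token grant the refresh-specific parameters are added.
 *
 * Credentials are deliberately kept out of the logs: neither the authorization
 * code nor the issued token (whose {@code toString} is its value) is logged.
 *
 * @param client        the authenticated client; its name is used as client_id
 * @param scopes        requested scopes, or {@code null} to fall back to the code's scopes
 * @param code          authorization code, or {@code null} for other grants
 * @param redirectUri   redirect URI to bind the request to, or {@code null}
 * @param grantType     the OAuth2 grant type
 * @param refreshToken  refresh token value (refresh_token grant only)
 * @param state         client-supplied state, used only for logging
 * @param authorization raw authorization value (refresh_token grant only)
 * @param revokeOld     whether the old token is revoked on refresh
 * @param expiresIn     requested lifetime on refresh; may be {@code null}
 * @return the granted access token, never {@code null}
 * @throws UnsupportedGrantTypeException if the granter does not handle {@code grantType}
 */
protected OAuth2AccessToken generateToken(Authentication client, Set<String> scopes, String code, String redirectUri, String grantType, String refreshToken, String state, String authorization, boolean revokeOld, Long expiresIn) {
    String clientId = client.getName();
    Map<String, String> authorizationParameters = new HashMap<String, String>();
    if (scopes != null) {
        authorizationParameters.put(OAuth2Utils.SCOPE, StringUtils.join(scopes, ' '));
    }
    authorizationParameters.put(OAuth2Utils.CLIENT_ID, clientId);
    if (code != null) {
        addAuthorizationCodeParameters(authorizationParameters, code);
    }
    //If it is a refresh token request, set the needed authorization parameters
    if (OrcidOauth2Constants.REFRESH_TOKEN.equals(grantType)) {
        addRefreshTokenParameters(authorizationParameters, authorization, revokeOld, expiresIn, refreshToken);
    }
    if (redirectUri != null) {
        authorizationParameters.put(OAuth2Utils.REDIRECT_URI, redirectUri);
    }
    AuthorizationRequest authorizationRequest = getOAuth2RequestFactory().createAuthorizationRequest(authorizationParameters);
    TokenRequest tokenRequest = getOAuth2RequestFactory().createTokenRequest(authorizationRequest, grantType);
    //Need to change this to either the DefaultTokenType or start using a different token type.
    OAuth2AccessToken token = getTokenGranter().grant(grantType, tokenRequest);
    if (token == null) {
        // The authorization code is a credential (and may still be redeemable); log only its presence.
        LOGGER.info("Unsupported grant type for OAuth2: clientId={}, grantType={}, hasCode={}, scopes={}, state={}, redirectUri={}", new Object[] { clientId, grantType, code != null, scopes, state, redirectUri });
        Object[] params = { grantType };
        throw new UnsupportedGrantTypeException(localeManager.resolveMessage("apiError.unsupported_client_type.exception", params));
    }
    // Log only non-secret token attributes: the token value (and its refresh token) must never reach the logs.
    LOGGER.info("OAuth2 access token granted: clientId={}, grantType={}, hasCode={}, scopes={}, state={}, redirectUri={}, tokenType={}, expiration={}", new Object[] { clientId, grantType, code != null, scopes, state, redirectUri, token.getTokenType(), token.getExpiration() });
    return token;
}

/**
 * Copies the parameters derived from a persisted authorization code onto the request.
 * A code that cannot be found yields {@code IS_PERSISTENT=false} and no scope fallback.
 *
 * @param authorizationParameters request parameters being assembled; must already hold
 *                                the caller's scope (if any) so the fallback check below is meaningful
 * @param code                    the authorization code presented by the client
 */
private void addAuthorizationCodeParameters(Map<String, String> authorizationParameters, String code) {
    authorizationParameters.put("code", code);
    OrcidOauth2AuthoriziationCodeDetail authorizationCodeEntity = orcidOauth2AuthoriziationCodeDetailDao.find(code);
    if (authorizationCodeEntity == null) {
        authorizationParameters.put(OrcidOauth2Constants.IS_PERSISTENT, "false");
        return;
    }
    boolean persistent = orcidOauth2AuthoriziationCodeDetailDao.isPersistentToken(code);
    authorizationParameters.put(OrcidOauth2Constants.IS_PERSISTENT, persistent ? "true" : "false");
    // No scope from the caller: use the scopes the code was issued for. Caller-supplied scopes
    // are passed through untouched - NOTE(review): the token granter must enforce that they do
    // not exceed the scopes bound to the code; confirm downstream, it is not checked here.
    if (!authorizationParameters.containsKey(OAuth2Utils.SCOPE) || PojoUtil.isEmpty(authorizationParameters.get(OAuth2Utils.SCOPE))) {
        authorizationParameters.put(OAuth2Utils.SCOPE, StringUtils.join(authorizationCodeEntity.getScopes(), ' '));
    }
    //This will pass through to the token generator as a request param.
    if (authorizationCodeEntity.getNonce() != null) {
        authorizationParameters.put(OrcidOauth2Constants.NONCE, authorizationCodeEntity.getNonce());
    }
}

/**
 * Adds the refresh_token grant parameters.
 *
 * {@code String.valueOf} turns a {@code null} expiresIn or refreshToken into the literal
 * string "null"; this is kept for compatibility with the granter - NOTE(review): confirm
 * the granter rejects such a value rather than treating it as a token.
 */
private static void addRefreshTokenParameters(Map<String, String> authorizationParameters, String authorization, boolean revokeOld, Long expiresIn, String refreshToken) {
    authorizationParameters.put(OrcidOauth2Constants.AUTHORIZATION, authorization);
    authorizationParameters.put(OrcidOauth2Constants.REVOKE_OLD, String.valueOf(revokeOld));
    authorizationParameters.put(OrcidOauth2Constants.EXPIRES_IN, String.valueOf(expiresIn));
    authorizationParameters.put(OrcidOauth2Constants.REFRESH_TOKEN, String.valueOf(refreshToken));
}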