use of org.springframework.security.oauth2.common.OAuth2RefreshToken in project ORCID-Source by ORCID.
the class OrcidTokenStoreServiceTest method testRemoveRefreshToken.
@Test
@Transactional
public void testRemoveRefreshToken() throws Exception {
OAuth2AccessToken token = orcidTokenStoreService.readAccessToken("some-long-oauth2-token-value-3");
orcidTokenStoreService.removeRefreshToken(token.getRefreshToken());
OAuth2RefreshToken refreshToken = orcidTokenStoreService.readRefreshToken("some-long-oauth2-refresh-value-3");
assertNull(refreshToken);
}
use of org.springframework.security.oauth2.common.OAuth2RefreshToken in project ORCID-Source by ORCID.
the class OrcidRandomValueTokenServicesImpl method createAccessToken.
@Override
public OAuth2AccessToken createAccessToken(OAuth2Authentication authentication) throws AuthenticationException {
OrcidOauth2AuthInfo authInfo = new OrcidOauth2AuthInfo(authentication);
String userOrcid = authInfo.getUserOrcid();
DefaultOAuth2AccessToken accessToken = new DefaultOAuth2AccessToken(UUID.randomUUID().toString());
int validitySeconds = getAccessTokenValiditySeconds(authentication.getOAuth2Request());
if (validitySeconds > 0) {
accessToken.setExpiration(new Date(System.currentTimeMillis() + (validitySeconds * 1000L)));
}
accessToken.setScope(authentication.getOAuth2Request().getScope());
if (customTokenEnhancer != null) {
accessToken = new DefaultOAuth2AccessToken(customTokenEnhancer.enhance(accessToken, authentication));
}
if (this.isSupportRefreshToken(authentication.getOAuth2Request())) {
OAuth2RefreshToken refreshToken = new DefaultOAuth2RefreshToken(UUID.randomUUID().toString());
accessToken.setRefreshToken(refreshToken);
}
orcidTokenStore.storeAccessToken(accessToken, authentication);
LOGGER.info("Creating new access token: clientId={}, scopes={}, userOrcid={}", new Object[] { authInfo.getClientId(), authInfo.getScopes(), userOrcid });
return accessToken;
}
use of org.springframework.security.oauth2.common.OAuth2RefreshToken in project spring-security-oauth by spring-projects.
the class DefaultTokenServices method createRefreshToken.
private OAuth2RefreshToken createRefreshToken(OAuth2Authentication authentication) {
if (!isSupportRefreshToken(authentication.getOAuth2Request())) {
return null;
}
int validitySeconds = getRefreshTokenValiditySeconds(authentication.getOAuth2Request());
String value = UUID.randomUUID().toString();
if (validitySeconds > 0) {
return new DefaultExpiringOAuth2RefreshToken(value, new Date(System.currentTimeMillis() + (validitySeconds * 1000L)));
}
return new DefaultOAuth2RefreshToken(value);
}
use of org.springframework.security.oauth2.common.OAuth2RefreshToken in project spring-security-oauth by spring-projects.
the class DefaultTokenServices method createAccessToken.
@Transactional
public OAuth2AccessToken createAccessToken(OAuth2Authentication authentication) throws AuthenticationException {
OAuth2AccessToken existingAccessToken = tokenStore.getAccessToken(authentication);
OAuth2RefreshToken refreshToken = null;
if (existingAccessToken != null) {
if (existingAccessToken.isExpired()) {
if (existingAccessToken.getRefreshToken() != null) {
refreshToken = existingAccessToken.getRefreshToken();
// The token store could remove the refresh token when the
// access token is removed, but we want to
// be sure...
tokenStore.removeRefreshToken(refreshToken);
}
tokenStore.removeAccessToken(existingAccessToken);
} else {
// Re-store the access token in case the authentication has changed
tokenStore.storeAccessToken(existingAccessToken, authentication);
return existingAccessToken;
}
}
// expired.
if (refreshToken == null) {
refreshToken = createRefreshToken(authentication);
} else // expired.
if (refreshToken instanceof ExpiringOAuth2RefreshToken) {
ExpiringOAuth2RefreshToken expiring = (ExpiringOAuth2RefreshToken) refreshToken;
if (System.currentTimeMillis() > expiring.getExpiration().getTime()) {
refreshToken = createRefreshToken(authentication);
}
}
OAuth2AccessToken accessToken = createAccessToken(authentication, refreshToken);
tokenStore.storeAccessToken(accessToken, authentication);
// In case it was modified
refreshToken = accessToken.getRefreshToken();
if (refreshToken != null) {
tokenStore.storeRefreshToken(refreshToken, authentication);
}
return accessToken;
}
use of org.springframework.security.oauth2.common.OAuth2RefreshToken in project spring-security-oauth by spring-projects.
the class JwtTokenStore method readRefreshToken.
@Override
public OAuth2RefreshToken readRefreshToken(String tokenValue) {
OAuth2AccessToken encodedRefreshToken = convertAccessToken(tokenValue);
OAuth2RefreshToken refreshToken = createRefreshToken(encodedRefreshToken);
if (approvalStore != null) {
OAuth2Authentication authentication = readAuthentication(tokenValue);
if (authentication.getUserAuthentication() != null) {
String userId = authentication.getUserAuthentication().getName();
String clientId = authentication.getOAuth2Request().getClientId();
Collection<Approval> approvals = approvalStore.getApprovals(userId, clientId);
Collection<String> approvedScopes = new HashSet<String>();
for (Approval approval : approvals) {
if (approval.isApproved()) {
approvedScopes.add(approval.getScope());
}
}
if (!approvedScopes.containsAll(authentication.getOAuth2Request().getScope())) {
return null;
}
}
}
return refreshToken;
}
Aggregations