Use of org.springframework.security.oauth2.core.AbstractOAuth2Token in project spring-authorization-server by spring-projects.
The class OAuth2TokenIntrospectionAuthenticationProvider, method withActiveTokenClaims.
private static OAuth2TokenIntrospection withActiveTokenClaims(OAuth2Authorization.Token<AbstractOAuth2Token> authorizedToken, RegisteredClient authorizedClient) {
	// Builds the introspection response for a token the caller has already determined
	// to be active: "active" is fixed to true here and client_id comes from the
	// RegisteredClient that owns the authorization, not from the requesting client.
	OAuth2TokenIntrospection.Builder response = OAuth2TokenIntrospection.builder(true);
	response.clientId(authorizedClient.getClientId());
	// TODO Set "username"

	AbstractOAuth2Token underlying = authorizedToken.getToken();
	Instant issuedAt = underlying.getIssuedAt();
	Instant expiresAt = underlying.getExpiresAt();
	if (issuedAt != null) {
		response.issuedAt(issuedAt);
	}
	if (expiresAt != null) {
		response.expiresAt(expiresAt);
	}

	// Only access tokens contribute scope, token_type and the stored claims
	// (nbf, sub, aud, iss, jti); any other token kind yields just the timestamps.
	if (underlying instanceof OAuth2AccessToken) {
		OAuth2AccessToken accessToken = (OAuth2AccessToken) underlying;
		response.scopes(target -> target.addAll(accessToken.getScopes()));
		response.tokenType(accessToken.getTokenType().getValue());

		if (!CollectionUtils.isEmpty(authorizedToken.getClaims())) {
			OAuth2TokenClaimAccessor storedClaims = authorizedToken::getClaims;

			Instant notBefore = storedClaims.getNotBefore();
			if (notBefore != null) {
				response.notBefore(notBefore);
			}
			// Subject is passed through without a null guard, unlike the other claims.
			response.subject(storedClaims.getSubject());

			List<String> audience = storedClaims.getAudience();
			if (!CollectionUtils.isEmpty(audience)) {
				response.audiences(target -> target.addAll(audience));
			}

			URL issuer = storedClaims.getIssuer();
			if (issuer != null) {
				// Issuer is reported as its external string form, not the URL object.
				response.issuer(issuer.toExternalForm());
			}

			String tokenId = storedClaims.getId();
			if (StringUtils.hasText(tokenId)) {
				response.id(tokenId);
			}
		}
	}
	return response.build();
}
Use of org.springframework.security.oauth2.core.AbstractOAuth2Token in project spring-authorization-server by spring-projects.
The class OAuth2TokenIntrospectionAuthenticationProvider, method authenticate.
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
	// Resolves a token introspection request against the stored authorization.
	// Outcomes, in order: unknown token -> the request is returned as-is (unauthenticated);
	// known but inactive token -> a response built from an empty builder (active=false);
	// active token -> a populated response, keyed by the stored token value.
	OAuth2TokenIntrospectionAuthenticationToken request = (OAuth2TokenIntrospectionAuthenticationToken) authentication;
	// Throws for an unauthenticated caller before any token lookup happens.
	OAuth2ClientAuthenticationToken requestingClient = getAuthenticatedClientElseThrowInvalidClient(request);
	String presentedToken = request.getToken();

	OAuth2Authorization authorization = this.authorizationService.findByToken(presentedToken, null);
	if (authorization == null) {
		// Unknown token: hand the request back unchanged rather than failing.
		return request;
	}

	OAuth2Authorization.Token<AbstractOAuth2Token> storedToken = authorization.getToken(presentedToken);
	if (!storedToken.isActive()) {
		OAuth2TokenIntrospection inactive = OAuth2TokenIntrospection.builder().build();
		return new OAuth2TokenIntrospectionAuthenticationToken(presentedToken, requestingClient, inactive);
	}

	// NOTE(review): nothing here ties requestingClient to the authorization's registered
	// client or the token's audience - confirm the policy on who may introspect a given
	// token is enforced elsewhere. findById is assumed to return non-null here; verify.
	RegisteredClient owningClient = this.registeredClientRepository.findById(authorization.getRegisteredClientId());
	OAuth2TokenIntrospection claims = withActiveTokenClaims(storedToken, owningClient);
	return new OAuth2TokenIntrospectionAuthenticationToken(storedToken.getToken().getTokenValue(), requestingClient, claims);
}
Use of org.springframework.security.oauth2.core.AbstractOAuth2Token in project spring-authorization-server by spring-projects.
The class OAuth2TokenRevocationAuthenticationProvider, method authenticate.
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
	// Handles a token revocation request: the token is looked up, ownership is checked,
	// the token is invalidated in the authorization and the authorization is persisted.
	OAuth2TokenRevocationAuthenticationToken request = (OAuth2TokenRevocationAuthenticationToken) authentication;
	// Throws for an unauthenticated caller before any token lookup happens.
	OAuth2ClientAuthenticationToken requestingClient = getAuthenticatedClientElseThrowInvalidClient(request);
	String presentedToken = request.getToken();

	OAuth2Authorization authorization = this.authorizationService.findByToken(presentedToken, null);
	if (authorization == null) {
		// Unknown token: hand the request back unchanged rather than failing.
		return request;
	}

	// Only the client that the authorization was issued to may revoke its tokens;
	// a mismatch is reported as invalid_client, indistinguishable from a bad credential.
	RegisteredClient requestingRegisteredClient = requestingClient.getRegisteredClient();
	boolean ownsAuthorization = requestingRegisteredClient.getId().equals(authorization.getRegisteredClientId());
	if (!ownsAuthorization) {
		throw new OAuth2AuthenticationException(OAuth2ErrorCodes.INVALID_CLIENT);
	}

	OAuth2Authorization.Token<AbstractOAuth2Token> storedToken = authorization.getToken(presentedToken);
	// invalidate() returns a new authorization; the updated copy is what gets saved.
	OAuth2Authorization revoked = OAuth2AuthenticationProviderUtils.invalidate(authorization, storedToken.getToken());
	this.authorizationService.save(revoked);
	return new OAuth2TokenRevocationAuthenticationToken(storedToken.getToken(), requestingClient);
}