use of org.springframework.security.oauth2.core.OAuth2RefreshToken in project spring-security-oauth by spring-projects.
the class AbstractPersistentDefaultTokenServicesTests method testRefreshTokenMaintainsState.
/**
 * Issues an access token with refresh support enabled, redeems its refresh token,
 * and checks that a refreshed access token comes back and that the access-token
 * count reported by the fixture is still 1.
 */
@Test
public void testRefreshTokenMaintainsState() throws Exception {
    getTokenServices().setSupportRefreshToken(true);

    OAuth2AccessToken initialToken = getTokenServices().createAccessToken(createAuthentication());
    OAuth2RefreshToken issuedRefreshToken = initialToken.getRefreshToken();

    // The refresh request is made on behalf of client "id" with no scope or grant type set.
    TokenRequest refreshRequest =
            new TokenRequest(Collections.singletonMap("client_id", "id"), "id", null, null);
    OAuth2AccessToken refreshedToken =
            getTokenServices().refreshAccessToken(issuedRefreshToken.getValue(), refreshRequest);

    assertNotNull(refreshedToken);
    // A count of 1 presumably means the refresh replaced the original access token
    // instead of leaving a second, still-usable one behind; confirm against the fixture.
    assertEquals(1, getAccessTokenCount());
}
use of org.springframework.security.oauth2.core.OAuth2RefreshToken in project spring-security-oauth by spring-projects.
the class AccessTokenProviderChain method obtainAccessToken.
/**
 * Resolves an access token for the given protected resource.
 *
 * <p>Resolution order: a still-valid token from the request or from
 * {@code clientTokenServices}; otherwise, for an expired token on a resource that is not
 * client-only, a refresh using its refresh token; otherwise a newly obtained token. The
 * result is saved to {@code clientTokenServices} when one is configured and the resource
 * is client-only or the caller is authenticated.
 *
 * @param resource the protected resource the token is for
 * @param request the current access token request, which may already carry a token
 * @return the access token to use; never {@code null}
 * @throws InsufficientAuthenticationException if the caller is anonymous and the resource
 *         is not client-only
 * @throws IllegalStateException if no token could be obtained and no exception was raised
 */
public OAuth2AccessToken obtainAccessToken(OAuth2ProtectedResourceDetails resource, AccessTokenRequest request) throws UserRedirectRequiredException, AccessDeniedException {
    OAuth2AccessToken resolvedToken = null;
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();

    // A user-bound token must never be obtained on behalf of an anonymous principal.
    if (auth instanceof AnonymousAuthenticationToken && !resource.isClientOnly()) {
        throw new InsufficientAuthenticationException("Authentication is required to obtain an access token (anonymous not allowed)");
    }

    if (resource.isClientOnly() || (auth != null && auth.isAuthenticated())) {
        OAuth2AccessToken cachedToken = request.getExistingToken();
        if (cachedToken == null && clientTokenServices != null) {
            // NOTE(review): for client-only resources auth may be null or anonymous here;
            // confirm the ClientTokenServices implementation keys such lookups safely.
            cachedToken = clientTokenServices.getAccessToken(resource, auth);
        }

        if (cachedToken != null) {
            if (!hasTokenExpired(cachedToken)) {
                resolvedToken = cachedToken;
            } else {
                // Drop the expired token from the store before attempting a refresh, so a
                // failed refresh does not leave the stale token behind.
                if (clientTokenServices != null) {
                    clientTokenServices.removeAccessToken(resource, auth);
                }
                OAuth2RefreshToken refreshToken = cachedToken.getRefreshToken();
                // Client-only resources are never refreshed; they fall through to a new token.
                if (refreshToken != null && !resource.isClientOnly()) {
                    resolvedToken = refreshAccessToken(resource, refreshToken, request);
                }
            }
        }
    }

    if (resolvedToken == null) {
        // Nothing reusable or refreshable: obtain a new token.
        resolvedToken = obtainNewAccessTokenInternal(resource, request);
        if (resolvedToken == null) {
            throw new IllegalStateException("An OAuth 2 access token must be obtained or an exception thrown.");
        }
    }

    if (clientTokenServices != null && (resource.isClientOnly() || auth != null && auth.isAuthenticated())) {
        clientTokenServices.saveAccessToken(resource, auth, resolvedToken);
    }
    return resolvedToken;
}
use of org.springframework.security.oauth2.core.OAuth2RefreshToken in project spring-security-oauth by spring-projects.
the class JaxbOAuth2AccessTokenMessageConverter method convertToInternal.
/**
 * Copies the access token value, its expiration and, when present, the refresh token
 * value into a new {@link JaxbOAuth2AccessToken}.
 *
 * <p>The returned object carries the raw token values, so it should be handled as
 * sensitive data (for example, kept out of logs).
 *
 * @param accessToken the token to convert
 * @return a new JAXB representation of {@code accessToken}
 */
protected JaxbOAuth2AccessToken convertToInternal(OAuth2AccessToken accessToken) {
    JaxbOAuth2AccessToken converted = new JaxbOAuth2AccessToken();
    converted.setAccessToken(accessToken.getValue());
    // "setExpriation" is the setter name as declared on JaxbOAuth2AccessToken.
    converted.setExpriation(accessToken.getExpiration());

    OAuth2RefreshToken refresh = accessToken.getRefreshToken();
    if (refresh == null) {
        // No refresh token was issued; leave the field unset.
        return converted;
    }
    converted.setRefreshToken(refresh.getValue());
    return converted;
}
use of org.springframework.security.oauth2.core.OAuth2RefreshToken in project spring-security-oauth by spring-projects.
the class RedisTokenStore method readRefreshToken.
/**
 * Loads the refresh token stored in Redis under the {@code REFRESH} prefix plus the
 * token value.
 *
 * <p>NOTE(review): the raw token value is part of the key passed to
 * {@code serializeKey}; unless that helper hashes it, anyone able to list Redis keys
 * can recover refresh tokens. The stored bytes are handed to
 * {@code deserializeRefreshToken}, whose strategy is not visible here; if it relies on
 * Java native serialization, write access to the Redis instance must be restricted to
 * trusted components.
 *
 * @param tokenValue the refresh token value to look up
 * @return whatever {@code deserializeRefreshToken} produces for the stored bytes
 */
@Override
public OAuth2RefreshToken readRefreshToken(String tokenValue) {
    byte[] redisKey = serializeKey(REFRESH + tokenValue);
    RedisConnection connection = getConnection();
    byte[] stored;
    try {
        stored = connection.get(redisKey);
    } finally {
        // Always release the connection, even if the lookup throws.
        connection.close();
    }
    return deserializeRefreshToken(stored);
}
use of org.springframework.security.oauth2.core.OAuth2RefreshToken in project spring-security-oauth by spring-projects.
the class JaxbOAuth2AccessTokenMessageConverterTests method assertTokenEquals.
/**
 * Asserts that two access tokens agree on token type, value, refresh token value,
 * scope and expiration time. A {@code null} refresh token or expiration on the
 * expected side requires {@code null} on the actual side.
 *
 * @param expected the reference token
 * @param actual the token under test
 */
private static void assertTokenEquals(OAuth2AccessToken expected, OAuth2AccessToken actual) {
    assertEquals(expected.getTokenType(), actual.getTokenType());
    assertEquals(expected.getValue(), actual.getValue());

    OAuth2RefreshToken wantedRefresh = expected.getRefreshToken();
    if (wantedRefresh != null) {
        // Refresh tokens are compared by value only.
        assertEquals(wantedRefresh.getValue(), actual.getRefreshToken().getValue());
    } else {
        assertNull(actual.getRefreshToken());
    }

    assertEquals(expected.getScope(), actual.getScope());

    Date wantedExpiry = expected.getExpiration();
    if (wantedExpiry != null) {
        // Expiration is compared via its epoch-millisecond value.
        assertEquals(wantedExpiry.getTime(), actual.getExpiration().getTime());
    } else {
        assertNull(actual.getExpiration());
    }
}