Example 81 with OAuth2RefreshToken

Use of org.springframework.security.oauth2.core.OAuth2RefreshToken in project spring-security-oauth by spring-projects.

Class DefaultTokenServices, method createAccessToken.

@Transactional
public OAuth2AccessToken createAccessToken(OAuth2Authentication authentication) throws AuthenticationException {
    OAuth2AccessToken existingAccessToken = tokenStore.getAccessToken(authentication);
    OAuth2RefreshToken refreshToken = null;
    if (existingAccessToken != null) {
        if (existingAccessToken.isExpired()) {
            if (existingAccessToken.getRefreshToken() != null) {
                refreshToken = existingAccessToken.getRefreshToken();
                // The token store could remove the refresh token when the
                // access token is removed, but we want to
                // be sure...
                tokenStore.removeRefreshToken(refreshToken);
            }
            tokenStore.removeAccessToken(existingAccessToken);
        } else {
            // Re-store the access token in case the authentication has changed
            tokenStore.storeAccessToken(existingAccessToken, authentication);
            return existingAccessToken;
        }
    }
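    // Only create a new refresh token if there was no existing one to
    // re-use from an expired access token.
    if (refreshToken == null) {
        refreshToken = createRefreshToken(authentication);
    } else if (refreshToken instanceof ExpiringOAuth2RefreshToken) {
        // The re-used refresh token may itself have expired and need re-issuing.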
        ExpiringOAuth2RefreshToken expiring = (ExpiringOAuth2RefreshToken) refreshToken;
        if (System.currentTimeMillis() > expiring.getExpiration().getTime()) {
            refreshToken = createRefreshToken(authentication);
        }
    }
    OAuth2AccessToken accessToken = createAccessToken(authentication, refreshToken);
    tokenStore.storeAccessToken(accessToken, authentication);
    // In case it was modified
    refreshToken = accessToken.getRefreshToken();
    if (refreshToken != null) {
        tokenStore.storeRefreshToken(refreshToken, authentication);
    }
    return accessToken;
}
Also used: ExpiringOAuth2RefreshToken (org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken), OAuth2RefreshToken (org.springframework.security.oauth2.common.OAuth2RefreshToken), DefaultOAuth2RefreshToken (org.springframework.security.oauth2.common.DefaultOAuth2RefreshToken), DefaultExpiringOAuth2RefreshToken (org.springframework.security.oauth2.common.DefaultExpiringOAuth2RefreshToken), DefaultOAuth2AccessToken (org.springframework.security.oauth2.common.DefaultOAuth2AccessToken), OAuth2AccessToken (org.springframework.security.oauth2.common.OAuth2AccessToken), Transactional (org.springframework.transaction.annotation.Transactional)

Example 82 with OAuth2RefreshToken

Use of org.springframework.security.oauth2.core.OAuth2RefreshToken in project spring-security-oauth by spring-projects.

Class JwtTokenStore, method readRefreshToken.

@Override
public OAuth2RefreshToken readRefreshToken(String tokenValue) {
    OAuth2AccessToken encodedRefreshToken = convertAccessToken(tokenValue);
    OAuth2RefreshToken refreshToken = createRefreshToken(encodedRefreshToken);
    if (approvalStore != null) {
        OAuth2Authentication authentication = readAuthentication(tokenValue);
        if (authentication.getUserAuthentication() != null) {
            String userId = authentication.getUserAuthentication().getName();
            String clientId = authentication.getOAuth2Request().getClientId();
            Collection<Approval> approvals = approvalStore.getApprovals(userId, clientId);
            Collection<String> approvedScopes = new HashSet<String>();
            for (Approval approval : approvals) {
                if (approval.isApproved()) {
                    approvedScopes.add(approval.getScope());
                }
            }
            if (!approvedScopes.containsAll(authentication.getOAuth2Request().getScope())) {
                return null;
            }
        }
    }
    return refreshToken;
}
Also used: DefaultExpiringOAuth2RefreshToken (org.springframework.security.oauth2.common.DefaultExpiringOAuth2RefreshToken), OAuth2RefreshToken (org.springframework.security.oauth2.common.OAuth2RefreshToken), DefaultOAuth2RefreshToken (org.springframework.security.oauth2.common.DefaultOAuth2RefreshToken), OAuth2AccessToken (org.springframework.security.oauth2.common.OAuth2AccessToken), OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication), Approval (org.springframework.security.oauth2.provider.approval.Approval)

Example 83 with OAuth2RefreshToken

Use of org.springframework.security.oauth2.core.OAuth2RefreshToken in project spring-security-oauth by spring-projects.

Class RedisTokenStore, method storeRefreshToken.

@Override
public void storeRefreshToken(OAuth2RefreshToken refreshToken, OAuth2Authentication authentication) {
    byte[] refreshKey = serializeKey(REFRESH + refreshToken.getValue());
    byte[] refreshAuthKey = serializeKey(REFRESH_AUTH + refreshToken.getValue());
    byte[] serializedRefreshToken = serialize(refreshToken);
    RedisConnection conn = getConnection();
    try {
        conn.openPipeline();
        if (springDataRedis_2_0) {
            try {
                this.redisConnectionSet_2_0.invoke(conn, refreshKey, serializedRefreshToken);
                this.redisConnectionSet_2_0.invoke(conn, refreshAuthKey, serialize(authentication));
            } catch (Exception ex) {
                throw new RuntimeException(ex);
            }
        } else {
            conn.set(refreshKey, serializedRefreshToken);
            conn.set(refreshAuthKey, serialize(authentication));
        }
        if (refreshToken instanceof ExpiringOAuth2RefreshToken) {
            ExpiringOAuth2RefreshToken expiringRefreshToken = (ExpiringOAuth2RefreshToken) refreshToken;
            Date expiration = expiringRefreshToken.getExpiration();
            if (expiration != null) {
                int seconds = Long.valueOf((expiration.getTime() - System.currentTimeMillis()) / 1000L).intValue();
                conn.expire(refreshKey, seconds);
                conn.expire(refreshAuthKey, seconds);
            }
        }
        conn.closePipeline();
    } finally {
        conn.close();
    }
}
Also used: Date (java.util.Date), RedisConnection (org.springframework.data.redis.connection.RedisConnection), ExpiringOAuth2RefreshToken (org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken)

Example 84 with OAuth2RefreshToken

Use of org.springframework.security.oauth2.core.OAuth2RefreshToken in project spring-security-oauth by spring-projects.

Class RedisTokenStore, method storeAccessToken.

@Override
public void storeAccessToken(OAuth2AccessToken token, OAuth2Authentication authentication) {
    byte[] serializedAccessToken = serialize(token);
    byte[] serializedAuth = serialize(authentication);
    byte[] accessKey = serializeKey(ACCESS + token.getValue());
    byte[] authKey = serializeKey(AUTH + token.getValue());
    byte[] authToAccessKey = serializeKey(AUTH_TO_ACCESS + authenticationKeyGenerator.extractKey(authentication));
    byte[] approvalKey = serializeKey(UNAME_TO_ACCESS + getApprovalKey(authentication));
    byte[] clientId = serializeKey(CLIENT_ID_TO_ACCESS + authentication.getOAuth2Request().getClientId());
    RedisConnection conn = getConnection();
    try {
        conn.openPipeline();
        if (springDataRedis_2_0) {
            try {
                this.redisConnectionSet_2_0.invoke(conn, accessKey, serializedAccessToken);
                this.redisConnectionSet_2_0.invoke(conn, authKey, serializedAuth);
                this.redisConnectionSet_2_0.invoke(conn, authToAccessKey, serializedAccessToken);
            } catch (Exception ex) {
                throw new RuntimeException(ex);
            }
        } else {
            conn.set(accessKey, serializedAccessToken);
            conn.set(authKey, serializedAuth);
            conn.set(authToAccessKey, serializedAccessToken);
        }
        if (!authentication.isClientOnly()) {
            conn.sAdd(approvalKey, serializedAccessToken);
        }
        conn.sAdd(clientId, serializedAccessToken);
        if (token.getExpiration() != null) {
            int seconds = token.getExpiresIn();
            conn.expire(accessKey, seconds);
            conn.expire(authKey, seconds);
            conn.expire(authToAccessKey, seconds);
            conn.expire(clientId, seconds);
            conn.expire(approvalKey, seconds);
        }
        OAuth2RefreshToken refreshToken = token.getRefreshToken();
        if (refreshToken != null && refreshToken.getValue() != null) {
            byte[] refresh = serialize(refreshToken.getValue());
            byte[] access = serialize(token.getValue());
            byte[] refreshToAccessKey = serializeKey(REFRESH_TO_ACCESS + refreshToken.getValue());
            byte[] accessToRefreshKey = serializeKey(ACCESS_TO_REFRESH + token.getValue());
            if (springDataRedis_2_0) {
                try {
                    this.redisConnectionSet_2_0.invoke(conn, refreshToAccessKey, access);
                    this.redisConnectionSet_2_0.invoke(conn, accessToRefreshKey, refresh);
                } catch (Exception ex) {
                    throw new RuntimeException(ex);
                }
            } else {
                conn.set(refreshToAccessKey, access);
                conn.set(accessToRefreshKey, refresh);
            }
            if (refreshToken instanceof ExpiringOAuth2RefreshToken) {
                ExpiringOAuth2RefreshToken expiringRefreshToken = (ExpiringOAuth2RefreshToken) refreshToken;
                Date expiration = expiringRefreshToken.getExpiration();
                if (expiration != null) {
                    int seconds = Long.valueOf((expiration.getTime() - System.currentTimeMillis()) / 1000L).intValue();
                    conn.expire(refreshToAccessKey, seconds);
                    conn.expire(accessToRefreshKey, seconds);
                }
            }
        }
        conn.closePipeline();
    } finally {
        conn.close();
    }
}
Also used: ExpiringOAuth2RefreshToken (org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken), OAuth2RefreshToken (org.springframework.security.oauth2.common.OAuth2RefreshToken), Date (java.util.Date), RedisConnection (org.springframework.data.redis.connection.RedisConnection)

Example 85 with OAuth2RefreshToken

Use of org.springframework.security.oauth2.core.OAuth2RefreshToken in project spring-security-oauth by spring-projects.

Class TokenStoreBaseTests, method testRemoveRefreshToken.

@Test
public void testRemoveRefreshToken() {
    OAuth2RefreshToken expectedExpiringRefreshToken = new DefaultExpiringOAuth2RefreshToken("testToken", new Date());
    OAuth2Authentication expectedAuthentication = new OAuth2Authentication(RequestTokenFactory.createOAuth2Request("id", false), new TestAuthentication("test2", false));
    getTokenStore().storeRefreshToken(expectedExpiringRefreshToken, expectedAuthentication);
    getTokenStore().removeRefreshToken(expectedExpiringRefreshToken);
    assertNull(getTokenStore().readRefreshToken("testToken"));
}
Also used: DefaultOAuth2RefreshToken (org.springframework.security.oauth2.common.DefaultOAuth2RefreshToken), DefaultExpiringOAuth2RefreshToken (org.springframework.security.oauth2.common.DefaultExpiringOAuth2RefreshToken), OAuth2RefreshToken (org.springframework.security.oauth2.common.OAuth2RefreshToken), OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication), Date (java.util.Date), Test (org.junit.Test)
