Example 36 with OAuth2RefreshToken

use of org.springframework.security.oauth2.core.OAuth2RefreshToken in project spring-security-oauth by spring-projects.

the class JwtTokenStore method readRefreshToken.

@Override
public OAuth2RefreshToken readRefreshToken(String tokenValue) {
    OAuth2AccessToken encodedRefreshToken = convertAccessToken(tokenValue);
    OAuth2RefreshToken refreshToken = createRefreshToken(encodedRefreshToken);
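    // When an approval store is configured, re-check the user's current approvals
    // before handing the refresh token back.
    if (approvalStore != null) {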
        OAuth2Authentication authentication = readAuthentication(tokenValue);
        if (authentication.getUserAuthentication() != null) {
            String userId = authentication.getUserAuthentication().getName();
            String clientId = authentication.getOAuth2Request().getClientId();
            Collection<Approval> approvals = approvalStore.getApprovals(userId, clientId);
            Collection<String> approvedScopes = new HashSet<String>();
            for (Approval approval : approvals) {
                if (approval.isApproved()) {
                    approvedScopes.add(approval.getScope());
                }
            }
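            // If any scope on the original request is no longer approved,
            // treat the refresh token as unreadable (null).
            if (!approvedScopes.containsAll(authentication.getOAuth2Request().getScope())) {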
                return null;
            }
        }
    }
    return refreshToken;
}
Also used : DefaultExpiringOAuth2RefreshToken(org.springframework.security.oauth2.common.DefaultExpiringOAuth2RefreshToken) OAuth2RefreshToken(org.springframework.security.oauth2.common.OAuth2RefreshToken) DefaultOAuth2RefreshToken(org.springframework.security.oauth2.common.DefaultOAuth2RefreshToken) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Approval(org.springframework.security.oauth2.provider.approval.Approval)

Example 37 with OAuth2RefreshToken

use of org.springframework.security.oauth2.core.OAuth2RefreshToken in project spring-security-oauth by spring-projects.

the class RedisTokenStore method storeRefreshToken.

@Override
public void storeRefreshToken(OAuth2RefreshToken refreshToken, OAuth2Authentication authentication) {
    byte[] refreshKey = serializeKey(REFRESH + refreshToken.getValue());
    byte[] refreshAuthKey = serializeKey(REFRESH_AUTH + refreshToken.getValue());
    byte[] serializedRefreshToken = serialize(refreshToken);
    RedisConnection conn = getConnection();
    try {
        conn.openPipeline();
        conn.set(refreshKey, serializedRefreshToken);
        conn.set(refreshAuthKey, serialize(authentication));
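        // Expiring refresh tokens get a Redis TTL on both the token key and its
        // authentication key, derived from the token's expiration time.
        if (refreshToken instanceof ExpiringOAuth2RefreshToken) {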
            ExpiringOAuth2RefreshToken expiringRefreshToken = (ExpiringOAuth2RefreshToken) refreshToken;
            Date expiration = expiringRefreshToken.getExpiration();
            if (expiration != null) {
                int seconds = Long.valueOf((expiration.getTime() - System.currentTimeMillis()) / 1000L).intValue();
                conn.expire(refreshKey, seconds);
                conn.expire(refreshAuthKey, seconds);
            }
        }
        conn.closePipeline();
    } finally {
        conn.close();
    }
}
Also used : Date(java.util.Date) RedisConnection(org.springframework.data.redis.connection.RedisConnection) ExpiringOAuth2RefreshToken(org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken)

Example 38 with OAuth2RefreshToken

use of org.springframework.security.oauth2.core.OAuth2RefreshToken in project spring-security-oauth by spring-projects.

the class AbstractDefaultTokenServicesTests method testRefreshTokenNonExpiring.

@Test
public void testRefreshTokenNonExpiring() throws Exception {
    ClientDetailsService clientDetailsService = new InMemoryClientDetailsServiceBuilder().withClient("id").refreshTokenValiditySeconds(0).authorizedGrantTypes("refresh_token").and().build();
    DefaultTokenServices tokenServices = getTokenServices();
    tokenServices.setClientDetailsService(clientDetailsService);
    OAuth2RefreshToken refreshToken = tokenServices.createAccessToken(createAuthentication()).getRefreshToken();
    assertNotNull(refreshToken);
    assertFalse(refreshToken instanceof ExpiringOAuth2RefreshToken);
}
Also used : ExpiringOAuth2RefreshToken(org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken) OAuth2RefreshToken(org.springframework.security.oauth2.common.OAuth2RefreshToken) DefaultExpiringOAuth2RefreshToken(org.springframework.security.oauth2.common.DefaultExpiringOAuth2RefreshToken) InMemoryClientDetailsServiceBuilder(org.springframework.security.oauth2.config.annotation.builders.InMemoryClientDetailsServiceBuilder) ClientDetailsService(org.springframework.security.oauth2.provider.ClientDetailsService) Test(org.junit.Test)

Example 39 with OAuth2RefreshToken

use of org.springframework.security.oauth2.core.OAuth2RefreshToken in project spring-security-oauth by spring-projects.

the class AbstractPersistentDefaultTokenServicesTests method testNotReuseRefreshTokenMaintainsState.

@Test
public void testNotReuseRefreshTokenMaintainsState() throws Exception {
    getTokenServices().setSupportRefreshToken(true);
    getTokenServices().setReuseRefreshToken(false);
    OAuth2AccessToken accessToken = getTokenServices().createAccessToken(createAuthentication());
    OAuth2RefreshToken expectedExpiringRefreshToken = accessToken.getRefreshToken();
    TokenRequest tokenRequest = new TokenRequest(Collections.singletonMap("client_id", "id"), "id", null, null);
    OAuth2AccessToken refreshedAccessToken = getTokenServices().refreshAccessToken(expectedExpiringRefreshToken.getValue(), tokenRequest);
    assertNotNull(refreshedAccessToken);
    assertEquals(1, getRefreshTokenCount());
}
Also used : ExpiringOAuth2RefreshToken(org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken) DefaultExpiringOAuth2RefreshToken(org.springframework.security.oauth2.common.DefaultExpiringOAuth2RefreshToken) OAuth2RefreshToken(org.springframework.security.oauth2.common.OAuth2RefreshToken) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) TokenRequest(org.springframework.security.oauth2.provider.TokenRequest) Test(org.junit.Test)

Example 40 with OAuth2RefreshToken

use of org.springframework.security.oauth2.core.OAuth2RefreshToken in project spring-security-oauth by spring-projects.

the class TokenStoreBaseTests method testRemoveRefreshToken.

@Test
public void testRemoveRefreshToken() {
    OAuth2RefreshToken expectedExpiringRefreshToken = new DefaultExpiringOAuth2RefreshToken("testToken", new Date());
    OAuth2Authentication expectedAuthentication = new OAuth2Authentication(RequestTokenFactory.createOAuth2Request("id", false), new TestAuthentication("test2", false));
    getTokenStore().storeRefreshToken(expectedExpiringRefreshToken, expectedAuthentication);
    getTokenStore().removeRefreshToken(expectedExpiringRefreshToken);
    assertNull(getTokenStore().readRefreshToken("testToken"));
}
Also used : DefaultOAuth2RefreshToken(org.springframework.security.oauth2.common.DefaultOAuth2RefreshToken) DefaultExpiringOAuth2RefreshToken(org.springframework.security.oauth2.common.DefaultExpiringOAuth2RefreshToken) OAuth2RefreshToken(org.springframework.security.oauth2.common.OAuth2RefreshToken) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Date(java.util.Date) Test(org.junit.Test)
