use of org.wso2.carbon.identity.oauth2.model.AuthzCodeDO in project identity-inbound-auth-oauth by wso2-extensions.
the class AuthorizationCodeDAOImpl method insertAuthorizationCode.
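/**
 * Persists a newly issued authorization code and its scopes in one transaction.
 *
 * <p>Returns immediately when {@code isPersistenceEnabled()} is false. The raw code is never
 * written to the debug log: only its SHA-256 digest is logged, and only when
 * {@code IdentityUtil.isTokenLoggable} allows it for authorization codes.
 *
 * @param authzCode   raw authorization code value; stored through the configured persistence
 *                    processor (parameter 2) and through the hashing processor (parameter 13)
 * @param consumerKey client identifier the code was issued to
 * @param callbackUrl redirect URI bound to the code
 * @param authzCodeDO code metadata (id, authorized user, issue time, validity, PKCE values)
 * @throws IdentityOAuth2Exception if the insert fails with a {@link SQLException}; the
 *                                 transaction is rolled back first
 */
@Override
public void insertAuthorizationCode(String authzCode, String consumerKey, String callbackUrl, AuthzCodeDO authzCodeDO) throws IdentityOAuth2Exception {
    if (!isPersistenceEnabled()) {
        return;
    }
    if (log.isDebugEnabled()) {
        if (IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.AUTHORIZATION_CODE)) {
            log.debug("Persisting authorization code (hashed): " + DigestUtils.sha256Hex(authzCode) + " for client: " + consumerKey + " user: " + authzCodeDO.getAuthorizedUser().getLoggableUserId());
        } else {
            log.debug("Persisting authorization code for client: " + consumerKey + " user: " + authzCodeDO.getAuthorizedUser().getLoggableUserId());
        }
    }
    // Resolve user attributes BEFORE taking a connection. If either lookup throws, no
    // connection has been acquired yet, so nothing can leak outside the try/finally below.
    String userDomain = OAuth2Util.getUserStoreDomain(authzCodeDO.getAuthorizedUser());
    String authenticatedIDP = OAuth2Util.getAuthenticatedIDP(authzCodeDO.getAuthorizedUser());
    // Read the flag once so the chosen statement and the bound parameter count always agree.
    boolean idpIdColumnEnabled = OAuth2ServiceComponentHolder.isIDPIdColumnEnabled();
    Connection connection = IdentityDatabaseUtil.getDBConnection();
    PreparedStatement prepStmt = null;
    try {
        String sql = idpIdColumnEnabled
                ? SQLQueries.STORE_AUTHORIZATION_CODE_WITH_PKCE_IDP_NAME
                : SQLQueries.STORE_AUTHORIZATION_CODE_WITH_PKCE;
        prepStmt = connection.prepareStatement(sql);
        prepStmt.setString(1, authzCodeDO.getAuthzCodeId());
        // NOTE(review): what is stored here (plaintext, encrypted, ...) depends on the configured
        // persistence processor, which is not visible in this method. Confirm against deployment.
        prepStmt.setString(2, getPersistenceProcessor().getProcessedAuthzCode(authzCode));
        prepStmt.setString(3, callbackUrl);
        prepStmt.setString(4, "");
        prepStmt.setString(5, authzCodeDO.getAuthorizedUser().getUserName());
        prepStmt.setString(6, userDomain);
        int tenantId = OAuth2Util.getTenantId(authzCodeDO.getAuthorizedUser().getTenantDomain());
        prepStmt.setInt(7, tenantId);
        // Issue time is written with an explicit UTC calendar.
        prepStmt.setTimestamp(8, authzCodeDO.getIssuedTime(), Calendar.getInstance(TimeZone.getTimeZone(UTC)));
        prepStmt.setLong(9, authzCodeDO.getValidityPeriod());
        prepStmt.setString(10, authzCodeDO.getAuthorizedUser().getAuthenticatedSubjectIdentifier());
        prepStmt.setString(11, authzCodeDO.getPkceCodeChallenge());
        prepStmt.setString(12, authzCodeDO.getPkceCodeChallengeMethod());
        // Insert the hash value of the authorization code.
        prepStmt.setString(13, getHashingPersistenceProcessor().getProcessedAuthzCode(authzCode));
        prepStmt.setString(14, getPersistenceProcessor().getProcessedClientId(consumerKey));
        if (idpIdColumnEnabled) {
            prepStmt.setString(15, authenticatedIDP);
            prepStmt.setInt(16, tenantId);
        }
        prepStmt.execute();
        // Scopes are written on the same connection so they commit or roll back with the code row.
        addAuthorizationCodeScopes(authzCodeDO, connection, tenantId);
        IdentityDatabaseUtil.commitTransaction(connection);
    } catch (SQLException e) {
        IdentityDatabaseUtil.rollbackTransaction(connection);
        throw new IdentityOAuth2Exception("Error when storing the authorization code for consumer key : " + consumerKey, e);
    } finally {
        IdentityDatabaseUtil.closeAllConnections(connection, null, prepStmt);
    }
}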
use of org.wso2.carbon.identity.oauth2.model.AuthzCodeDO in project identity-inbound-auth-oauth by wso2-extensions.
the class AuthorizationCodeDAOImpl method deactivateAuthorizationCode.
/**
 * Runs {@code DEACTIVATE_AUTHZ_CODE_AND_INSERT_CURRENT_TOKEN} for the given code and then
 * publishes the post-revoke event with state {@code INACTIVE}.
 *
 * <p>Returns immediately when {@code isPersistenceEnabled()} is false. The row is located by
 * the hashing processor's output for the code, not by the raw value. Only the SHA-256 digest
 * of the code is written to the debug log, and only when token logging is enabled.
 *
 * @param authzCodeDO supplies the authorization code, its id and the token id bound to it
 * @throws IdentityOAuth2Exception if the update fails with a {@link SQLException}; the
 *                                 transaction is rolled back first
 */
@Override
public void deactivateAuthorizationCode(AuthzCodeDO authzCodeDO) throws IdentityOAuth2Exception {
    if (!isPersistenceEnabled()) {
        return;
    }
    boolean logHashedCode = log.isDebugEnabled()
            && IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.AUTHORIZATION_CODE);
    if (logHashedCode) {
        log.debug("Deactivating authorization code(hashed): " + DigestUtils.sha256Hex(authzCodeDO.getAuthorizationCode()));
    }
    PreparedStatement updateStmt = null;
    Connection dbConnection = IdentityDatabaseUtil.getDBConnection();
    try {
        updateStmt = dbConnection.prepareStatement(SQLQueries.DEACTIVATE_AUTHZ_CODE_AND_INSERT_CURRENT_TOKEN);
        updateStmt.setString(1, authzCodeDO.getOauthTokenId());
        updateStmt.setString(2, getHashingPersistenceProcessor().getProcessedAuthzCode(authzCodeDO.getAuthorizationCode()));
        // NOTE(review): the update count is discarded, so the revoke event below is published
        // even when no row matched the hashed code.
        updateStmt.executeUpdate();
        IdentityDatabaseUtil.commitTransaction(dbConnection);
    } catch (SQLException sqlError) {
        IdentityDatabaseUtil.rollbackTransaction(dbConnection);
        throw new IdentityOAuth2Exception("Error when deactivating authorization code", sqlError);
    } finally {
        IdentityDatabaseUtil.closeAllConnections(dbConnection, null, updateStmt);
    }
    // Reached only after a successful commit (a failure rethrows above).
    // Revokes the request object persisted against the code. The raw code value is handed to
    // the event, so listeners receive it unhashed.
    OAuth2TokenUtil.postRevokeCode(authzCodeDO.getAuthzCodeId(), OAuthConstants.AuthorizationCodeState.INACTIVE, authzCodeDO.getOauthTokenId(), authzCodeDO.getAuthorizationCode());
}
use of org.wso2.carbon.identity.oauth2.model.AuthzCodeDO in project identity-inbound-auth-oauth by wso2-extensions.
the class CodeResponseTypeHandler method issue.
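/**
 * Issues an authorization code and returns the populated {@code OAuth2AuthorizeRespDTO}.
 * The response DTO must first be initialized with the {@code initResponse} method of the
 * abstract class.
 *
 * <p>The debug log records only the code's identifier ({@code getAuthzCodeId()}), never the
 * {@code AuthzCodeDO} itself. The object's string form is not under this method's control and
 * could expose the code value.
 *
 * @param oauthAuthzMsgCtx authorization request context; supplies the session data key and the
 *                         request-object-flow flag
 * @return the response DTO produced by {@code buildResponseDTO} for the generated code
 * @throws IdentityOAuth2Exception declared by this method; which of the calls below raise it
 *                                 is not visible here
 */
@Override
public OAuth2AuthorizeRespDTO issue(OAuthAuthzReqMessageContext oauthAuthzMsgCtx) throws IdentityOAuth2Exception {
    AuthzCodeDO authorizationCode = ResponseTypeHandlerUtil.generateAuthorizationCode(oauthAuthzMsgCtx, cacheEnabled);
    String authzCodeId = authorizationCode.getAuthzCodeId();
    String sessionDataKey = oauthAuthzMsgCtx.getAuthorizationReqDTO().getSessionDataKey();
    if (log.isDebugEnabled()) {
        // Log the identifier only; the code value is a bearer credential until it is redeemed.
        log.debug("Issued authorization code with id: " + authzCodeId + " for the session data key: " + sessionDataKey);
    }
    // Trigger an event to update request_object_reference table.
    OAuth2TokenUtil.postIssueCode(authzCodeId, sessionDataKey, oauthAuthzMsgCtx.getAuthorizationReqDTO().isRequestObjectFlow());
    return buildResponseDTO(oauthAuthzMsgCtx, authorizationCode);
}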
use of org.wso2.carbon.identity.oauth2.model.AuthzCodeDO in project identity-inbound-auth-oauth by wso2-extensions.
the class HybridResponseTypeHandler method issue.
/**
 * Builds the authorize response for a hybrid {@code response_type}.
 *
 * <p>An authorization code is generated when {@code isAuthorizationCodeIssued} accepts the
 * response type. A single access token is generated when an access token and/or an id_token
 * is requested, and it backs both of those response parts.
 *
 * @param oauthAuthzMsgCtx authorization request context
 * @return the response DTO from {@code initResponse}, filled with whichever of code, access
 *         token and id_token the response type asks for
 * @throws IdentityOAuth2Exception declared by this method; which of the calls below raise it
 *                                 is not visible here
 */
@Override
public OAuth2AuthorizeRespDTO issue(OAuthAuthzReqMessageContext oauthAuthzMsgCtx) throws IdentityOAuth2Exception {
    OAuth2AuthorizeReqDTO requestDTO = oauthAuthzMsgCtx.getAuthorizationReqDTO();
    String responseType = requestDTO.getResponseType();

    // Start from an initialized response.
    OAuth2AuthorizeRespDTO response = initResponse(oauthAuthzMsgCtx);

    // Authorization code part of the hybrid response.
    if (isAuthorizationCodeIssued(responseType)) {
        AuthzCodeDO issuedCode = ResponseTypeHandlerUtil.generateAuthorizationCode(oauthAuthzMsgCtx, cacheEnabled);
        String sessionKey = oauthAuthzMsgCtx.getAuthorizationReqDTO().getSessionDataKey();
        // Fire the event that updates the request_object_reference table.
        OAuth2TokenUtil.postIssueCode(issuedCode.getAuthzCodeId(), sessionKey, oauthAuthzMsgCtx.getAuthorizationReqDTO().isRequestObjectFlow());
        ResponseTypeHandlerUtil.buildAuthorizationCodeResponseDTO(response, issuedCode);
    }

    // Neither token nor id_token requested: nothing more to add.
    if (!isAccessTokenIssued(responseType) && !isIDTokenIssued(responseType)) {
        return response;
    }

    // One access token serves both the token and the id_token parts.
    AccessTokenDO issuedToken = ResponseTypeHandlerUtil.generateAccessToken(oauthAuthzMsgCtx, cacheEnabled);
    // Post listeners run before either response part is built.
    ResponseTypeHandlerUtil.triggerPostListeners(oauthAuthzMsgCtx, issuedToken, response);
    if (isAccessTokenIssued(responseType)) {
        // Access token part of the response.
        ResponseTypeHandlerUtil.buildAccessTokenResponseDTO(response, issuedToken);
    }
    if (isIDTokenIssued(responseType)) {
        // id_token part of the response.
        ResponseTypeHandlerUtil.buildIDTokenResponseDTO(response, issuedToken, oauthAuthzMsgCtx);
    }
    return response;
}
use of org.wso2.carbon.identity.oauth2.model.AuthzCodeDO in project identity-inbound-auth-oauth by wso2-extensions.
the class IdentityOathEventListener method removeAuthzCodesFromCache.
/**
 * Evicts the authorization-grant cache entry of every given authorization code.
 *
 * <p>Each entry is cleared through {@code clearCacheEntryByCodeId}, with a cache key built
 * from the code value plus the code id. A null or empty list is a no-op.
 *
 * @param authorizationCodeDOSet codes whose cache entries should be cleared
 */
private void removeAuthzCodesFromCache(List<AuthzCodeDO> authorizationCodeDOSet) {
    if (!CollectionUtils.isNotEmpty(authorizationCodeDOSet)) {
        return;
    }
    for (AuthzCodeDO codeEntry : authorizationCodeDOSet) {
        String codeValue = codeEntry.getAuthorizationCode();
        String codeId = codeEntry.getAuthzCodeId();
        AuthorizationGrantCacheKey grantKey = new AuthorizationGrantCacheKey(codeValue);
        AuthorizationGrantCache.getInstance().clearCacheEntryByCodeId(grantKey, codeId);
    }
}