
Example 11 with OauthTokenIssuer

use of org.wso2.carbon.identity.oauth2.token.OauthTokenIssuer in project identity-inbound-auth-oauth by wso2-extensions.

the class OAuth2Util method getAccessTokenDOFromMatchingTokenIssuer.

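/**
 * Loops through the provided token issuers and tries to resolve the access token DO for the given
 * token identifier.
 *
 * <p>For each issuer the token is first transformed with {@code getAccessTokenHash}; if the issuer
 * persists that alias ({@code usePersistedAccessTokenAlias()}) the database lookup is done with the
 * alias, otherwise with the raw identifier. The first issuer that yields a token wins; an issuer whose
 * parsing ({@link OAuthSystemException}) or lookup ({@link IllegalArgumentException}) fails is skipped
 * and the next one is tried.
 *
 * @param tokenIdentifier Provided token identifier (the raw access token as received from the client).
 * @param tokenIssuerMap  Token issuers keyed by their registered name; may be {@code null}.
 * @param includeExpired  Passed through to the lookup; per its name it controls whether an expired
 *                        token is still returned.
 * @return The matching access token DO, or {@code null} when no issuer could resolve one.
 * @throws IdentityOAuth2Exception Propagated from the underlying token lookup.
 */
private static AccessTokenDO getAccessTokenDOFromMatchingTokenIssuer(String tokenIdentifier, Map<String, OauthTokenIssuer> tokenIssuerMap, boolean includeExpired) throws IdentityOAuth2Exception {
    if (tokenIssuerMap == null) {
        return null;
    }
    for (Map.Entry<String, OauthTokenIssuer> oauthTokenIssuerEntry : tokenIssuerMap.entrySet()) {
        String issuerName = oauthTokenIssuerEntry.getKey();
        try {
            OauthTokenIssuer oauthTokenIssuer = oauthTokenIssuerEntry.getValue();
            // The alias is computed for every issuer on purpose: an issuer that cannot parse the token
            // throws here and is skipped, regardless of whether it would have used the alias.
            String tokenAlias = oauthTokenIssuer.getAccessTokenHash(tokenIdentifier);
            String lookupKey = oauthTokenIssuer.usePersistedAccessTokenAlias() ? tokenAlias : tokenIdentifier;
            AccessTokenDO accessTokenDO = OAuth2Util.getAccessTokenDOFromTokenIdentifier(lookupKey, includeExpired);
            if (accessTokenDO != null) {
                return accessTokenDO;
            }
        } catch (OAuthSystemException e) {
            // Not an error by itself: the token simply did not belong to this issuer. The cause is kept
            // on the debug record so a mis-configured issuer stays diagnosable instead of being swallowed.
            // NOTE(review): when ACCESS_TOKEN logging is enabled the raw bearer token is written to the
            // log; RefreshGrantHandler logs only a SHA-256 digest of tokens — consider doing the same here.
            if (log.isDebugEnabled()) {
                if (IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.ACCESS_TOKEN)) {
                    log.debug("Token issuer: " + issuerName + " was tried and" + " failed to parse the received token: " + tokenIdentifier, e);
                } else {
                    log.debug("Token issuer: " + issuerName + " was tried and" + " failed to parse the received token.", e);
                }
            }
        } catch (IllegalArgumentException e) {
            // Lookup rejected the identifier/alias for this issuer; try the next one.
            if (log.isDebugEnabled()) {
                if (IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.ACCESS_TOKEN)) {
                    log.debug("Token issuer: " + issuerName + " was tried and" + " failed to get the token from database: " + tokenIdentifier, e);
                } else {
                    log.debug("Token issuer: " + issuerName + " was tried and" + " failed  to get the token from database.", e);
                }
            }
        }
    }
    return null;
}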
Also used : AccessTokenDO(org.wso2.carbon.identity.oauth2.model.AccessTokenDO) OauthTokenIssuer(org.wso2.carbon.identity.oauth2.token.OauthTokenIssuer) OAuthSystemException(org.apache.oltu.oauth2.common.exception.OAuthSystemException) Map(java.util.Map) TreeMap(java.util.TreeMap) ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap) HashMap(java.util.HashMap)

Example 12 with OauthTokenIssuer

use of org.wso2.carbon.identity.oauth2.token.OauthTokenIssuer in project identity-inbound-auth-oauth by wso2-extensions.

the class OAuth2Util method getTokenIssuer.

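/**
 * Resolves the token issuer for an access token by inspecting the token itself.
 *
 * <p>A JWT or an encrypted ID token maps straight to a new {@link JWTTokenIssuer}. For any other
 * token the consumer key is looked up from the token and the issuer configured for that OAuth app is
 * returned. If the consumer key cannot be resolved the method returns {@code null}.
 *
 * @param accessToken The access token as received from the client.
 * @return The issuer believed to have minted the token, or {@code null} if it could not be determined.
 * @throws IdentityOAuth2Exception If the OAuth app for the resolved consumer key is invalid.
 * @deprecated We cannot determine the token issuer this way. Have a look at the
 * {@link #findAccessToken(String, boolean)} method.
 */
@Deprecated
public static OauthTokenIssuer getTokenIssuer(String accessToken) throws IdentityOAuth2Exception {
    if (isJWT(accessToken) || isIDTokenEncrypted(accessToken)) {
        return new JWTTokenIssuer();
    }
    String consumerKey = null;
    try {
        consumerKey = OAuth2Util.getClientIdForAccessToken(accessToken);
        if (consumerKey != null) {
            return OAuth2Util.getOAuthTokenIssuerForOAuthApp(consumerKey);
        }
    } catch (IllegalArgumentException e) {
        // The raw bearer token is a credential: only print it when the deployment has explicitly
        // allowed access tokens in logs, the same gate the other token lookups in this class use.
        if (log.isDebugEnabled()) {
            if (IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.ACCESS_TOKEN)) {
                log.debug("Consumer key is not found for token identifier: " + accessToken, e);
            } else {
                log.debug("Consumer key is not found for the given token identifier.", e);
            }
        }
    } catch (InvalidOAuthClientException e) {
        throw new IdentityOAuth2Exception("Error while retrieving oauth issuer for the app with clientId: " + consumerKey, e);
    }
    return null;
}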
Also used : OauthTokenIssuer(org.wso2.carbon.identity.oauth2.token.OauthTokenIssuer) JWTTokenIssuer(org.wso2.carbon.identity.oauth2.token.JWTTokenIssuer) IdentityOAuth2Exception(org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception) InvalidOAuthClientException(org.wso2.carbon.identity.oauth.common.exception.InvalidOAuthClientException)

Example 13 with OauthTokenIssuer

use of org.wso2.carbon.identity.oauth2.token.OauthTokenIssuer in project identity-inbound-auth-oauth by wso2-extensions.

the class AbstractAuthorizationGrantHandler method issue.

/**
 * Issues an access token for the request. When hashing is disabled, an existing token for the same
 * (client, user, scope, token binding) tuple is looked up in the cache and either renewed (renewal per
 * request enabled), reused (still valid) or replaced by a freshly generated one.
 *
 * @param tokReqMsgCtx Token request context carrying the authorized user, client id and scopes.
 * @return The token response for the caller.
 * @throws IdentityOAuth2Exception If the user id is unavailable, the OAuth app is invalid, or token
 *                                 generation/renewal fails downstream.
 */
@Override
public OAuth2AccessTokenRespDTO issue(OAuthTokenReqMessageContext tokReqMsgCtx) throws IdentityOAuth2Exception {
    String scope = OAuth2Util.buildScopeString(tokReqMsgCtx.getScope());
    String consumerKey = tokReqMsgCtx.getOauth2AccessTokenReqDTO().getClientId();
    String authorizedUserId;
    try {
        authorizedUserId = tokReqMsgCtx.getAuthorizedUser().getUserId();
    } catch (UserIdNotFoundException e) {
        throw new IdentityOAuth2Exception("User id is not available for user: " + tokReqMsgCtx.getAuthorizedUser().getLoggableUserId(), e);
    }
    String authenticatedIDP = OAuth2Util.getAuthenticatedIDP(tokReqMsgCtx.getAuthorizedUser());
    String tokenBindingReference = getTokenBindingReference(tokReqMsgCtx);
    OauthTokenIssuer oauthTokenIssuer;
    try {
        oauthTokenIssuer = OAuth2Util.getOAuthTokenIssuerForOAuthApp(consumerKey);
    } catch (InvalidOAuthClientException e) {
        throw new IdentityOAuth2Exception("Error while retrieving oauth issuer for the app with clientId: " + consumerKey, e);
    }
    // Serialise token issuance per (client, user, scope, binding). NOTE(review): the monitor is an
    // interned String, so any other code that interns the same value shares this lock.
    String lockKey = consumerKey + ":" + authorizedUserId + ":" + scope + ":" + tokenBindingReference;
    synchronized (lockKey.intern()) {
        AccessTokenDO cachedToken = isHashDisabled
                ? getExistingToken(tokReqMsgCtx, getOAuthCacheKey(scope, consumerKey, authorizedUserId, authenticatedIDP, tokenBindingReference))
                : null;
        if (cachedToken != null) {
            if (log.isDebugEnabled()) {
                log.debug("Latest access token is found in the OAuthCache for the app: " + consumerKey);
            }
            // Renewal per request takes precedence over reusing a still-valid token.
            if (accessTokenRenewedPerRequest(oauthTokenIssuer, tokReqMsgCtx)) {
                if (log.isDebugEnabled()) {
                    log.debug("TokenRenewalPerRequest is enabled. " + "Proceeding to revoke any existing active tokens and issue new token for client Id: " + consumerKey + ", user: " + authorizedUserId + " and scope: " + scope + ".");
                }
                return renewAccessToken(tokReqMsgCtx, scope, consumerKey, cachedToken, oauthTokenIssuer);
            }
            long expireTime = getAccessTokenExpiryTimeMillis(cachedToken);
            if (isExistingTokenValid(cachedToken, expireTime)) {
                if (log.isDebugEnabled()) {
                    log.debug("Existing token is active for client Id: " + consumerKey + ", user: " + authorizedUserId + " and scope: " + scope + ". Therefore issuing the same token.");
                }
                return issueExistingAccessToken(tokReqMsgCtx, scope, expireTime, cachedToken);
            }
        }
        // Either nothing was cached or the cached token is no longer usable; the cached bean (possibly
        // null) is handed over so the new-token path can expire it.
        if (log.isDebugEnabled()) {
            log.debug("No active access token found for client Id: " + consumerKey + ", user: " + authorizedUserId + " and scope: " + scope + ". Therefore issuing new token.");
        }
        return generateNewAccessToken(tokReqMsgCtx, scope, consumerKey, cachedToken, true, oauthTokenIssuer);
    }
}
Also used : OauthTokenIssuer(org.wso2.carbon.identity.oauth2.token.OauthTokenIssuer) AccessTokenDO(org.wso2.carbon.identity.oauth2.model.AccessTokenDO) IdentityOAuth2Exception(org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception) UserIdNotFoundException(org.wso2.carbon.identity.application.authentication.framework.exception.UserIdNotFoundException) InvalidOAuthClientException(org.wso2.carbon.identity.oauth.common.exception.InvalidOAuthClientException)

Example 14 with OauthTokenIssuer

use of org.wso2.carbon.identity.oauth2.token.OauthTokenIssuer in project identity-inbound-auth-oauth by wso2-extensions.

the class AbstractAuthorizationGrantHandler method generateNewAccessToken.

/**
 * Mints a brand-new access token for the request, persists it, refreshes the cache and builds the
 * token response.
 *
 * @param tokReqMsgCtx        Token request context.
 * @param scope               Scope string to return in the response.
 * @param consumerKey         Client id of the requesting OAuth app.
 * @param existingTokenBean   Previously issued token for the same tuple, or {@code null}.
 * @param expireExistingToken Whether {@code existingTokenBean} should be marked expired while the new
 *                            token is persisted.
 * @param oauthTokenIssuer    Issuer used to generate the token material.
 * @return The response carrying the new token.
 * @throws IdentityOAuth2Exception If any of the lookup, persistence or cache steps fail.
 */
private OAuth2AccessTokenRespDTO generateNewAccessToken(OAuthTokenReqMessageContext tokReqMsgCtx, String scope, String consumerKey, AccessTokenDO existingTokenBean, boolean expireExistingToken, OauthTokenIssuer oauthTokenIssuer) throws IdentityOAuth2Exception {
    OAuthAppDO oAuthApp = getoAuthApp(consumerKey);
    Timestamp issuedAt = new Timestamp(System.currentTimeMillis());
    long validityPeriodInMillis = getConfiguredExpiryTimeForApplication(tokReqMsgCtx, consumerKey, oAuthApp);
    AccessTokenDO newTokenBean = createNewTokenBean(tokReqMsgCtx, oAuthApp, existingTokenBean, issuedAt, validityPeriodInMillis, oauthTokenIssuer);
    setDetailsToMessageContext(tokReqMsgCtx, validityPeriodInMillis, newTokenBean, issuedAt);
    // When the caller does not want the previous token expired it must already have been handled;
    // passing null keeps persistAccessTokenInDB from touching it.
    AccessTokenDO tokenToExpire = expireExistingToken ? existingTokenBean : null;
    persistAccessTokenInDB(tokReqMsgCtx, tokenToExpire, newTokenBean, issuedAt, newTokenBean.getAccessToken());
    // Make the freshly persisted token visible to the cache-backed lookups.
    updateCacheIfEnabled(newTokenBean, OAuth2Util.buildScopeString(tokReqMsgCtx.getScope()), oauthTokenIssuer);
    return createResponseWithTokenBean(newTokenBean, validityPeriodInMillis, scope);
}
Also used : AccessTokenDO(org.wso2.carbon.identity.oauth2.model.AccessTokenDO) OAuthAppDO(org.wso2.carbon.identity.oauth.dao.OAuthAppDO) Timestamp(java.sql.Timestamp) Date(java.util.Date)

Example 15 with OauthTokenIssuer

use of org.wso2.carbon.identity.oauth2.token.OauthTokenIssuer in project identity-inbound-auth-oauth by wso2-extensions.

the class RefreshGrantHandler method createTokens.

/**
 * Generates a fresh access/refresh token pair with the issuer configured for the token's OAuth app
 * and stores both on the given DO.
 *
 * <p>Only SHA-256 digests of the tokens are written to the debug log, and only when ACCESS_TOKEN
 * logging is explicitly enabled, so log files never hold a usable bearer credential.
 *
 * @param accessTokenDO Token DO whose consumer key selects the issuer; receives the new tokens.
 * @param tokReqMsgCtx  Token request context handed to the issuer.
 * @throws IdentityOAuth2Exception If the issuer cannot be resolved or token generation fails.
 */
private void createTokens(AccessTokenDO accessTokenDO, OAuthTokenReqMessageContext tokReqMsgCtx) throws IdentityOAuth2Exception {
    String consumerKey = accessTokenDO.getConsumerKey();
    try {
        OauthTokenIssuer issuer = OAuth2Util.getOAuthTokenIssuerForOAuthApp(consumerKey);
        String newAccessToken = issuer.accessToken(tokReqMsgCtx);
        String newRefreshToken = issuer.refreshToken(tokReqMsgCtx);
        if (log.isDebugEnabled()) {
            boolean tokensLoggable = IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.ACCESS_TOKEN);
            log.debug(tokensLoggable
                    ? "New access token (hashed): " + DigestUtils.sha256Hex(newAccessToken) + " & new refresh token (hashed): " + DigestUtils.sha256Hex(newRefreshToken)
                    : "Access token and refresh token generated.");
        }
        accessTokenDO.setAccessToken(newAccessToken);
        accessTokenDO.setRefreshToken(newRefreshToken);
    } catch (OAuthSystemException e) {
        throw new IdentityOAuth2Exception("Error when generating the tokens.", e);
    } catch (InvalidOAuthClientException e) {
        throw new IdentityOAuth2Exception("Error while retrieving oauth issuer for the app with clientId: " + consumerKey, e);
    }
}
Also used : OauthTokenIssuer(org.wso2.carbon.identity.oauth2.token.OauthTokenIssuer) IdentityOAuth2Exception(org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception) OAuthSystemException(org.apache.oltu.oauth2.common.exception.OAuthSystemException) InvalidOAuthClientException(org.wso2.carbon.identity.oauth.common.exception.InvalidOAuthClientException)

Aggregations

OauthTokenIssuer (org.wso2.carbon.identity.oauth2.token.OauthTokenIssuer)18 AccessTokenDO (org.wso2.carbon.identity.oauth2.model.AccessTokenDO)15 IdentityOAuth2Exception (org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception)14 InvalidOAuthClientException (org.wso2.carbon.identity.oauth.common.exception.InvalidOAuthClientException)9 HashMap (java.util.HashMap)7 OAuthSystemException (org.apache.oltu.oauth2.common.exception.OAuthSystemException)7 OAuth2AuthorizeReqDTO (org.wso2.carbon.identity.oauth2.dto.OAuth2AuthorizeReqDTO)6 Timestamp (java.sql.Timestamp)5 Date (java.util.Date)5 UserIdNotFoundException (org.wso2.carbon.identity.application.authentication.framework.exception.UserIdNotFoundException)5 OAuthAppDO (org.wso2.carbon.identity.oauth.dao.OAuthAppDO)5 OAuthCacheKey (org.wso2.carbon.identity.oauth.cache.OAuthCacheKey)4 OauthTokenIssuerImpl (org.wso2.carbon.identity.oauth2.token.OauthTokenIssuerImpl)4 JWTTokenIssuer (org.wso2.carbon.identity.oauth2.token.JWTTokenIssuer)3 SQLException (java.sql.SQLException)2 Map (java.util.Map)2 ConcurrentHashMap (java.util.concurrent.ConcurrentHashMap)2 Test (org.testng.annotations.Test)2 TokenIssuerDO (org.wso2.carbon.identity.oauth2.model.TokenIssuerDO)2 OAuthTokenReqMessageContext (org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext)2