iSharkFly-Docs/java-tutorials
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

scope in refresh token request should be a subset of those authorized by the resource owner.

Browse Source
This commit is contained in:
eelhazati 2019-07-23 09:24:25 +01:00
parent b6de1db857
commit 7486f1a305
1 changed files with 10 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
oauth2-framework-impl/oauth2-authorization-server/src/main/java/com/baeldung/oauth2/authorization/server/handler/RefreshTokenGrantTypeHandler.java
View File

@ -8,7 +8,10 @@ import javax.json.Json;
import javax.json.JsonObject; import javax.json.JsonObject;
import javax.ws.rs.WebApplicationException; import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.MultivaluedMap; import javax.ws.rs.core.MultivaluedMap;
import java.util.*; import java.util.Arrays;
import java.util.Date;
import java.util.HashSet;
import java.util.Set;
@Named("refresh_token") @Named("refresh_token")
public class RefreshTokenGrantTypeHandler extends AbstractGrantTypeHandler { public class RefreshTokenGrantTypeHandler extends AbstractGrantTypeHandler {
@ -40,24 +43,23 @@ public class RefreshTokenGrantTypeHandler extends AbstractGrantTypeHandler {
String subject = signedRefreshToken.getJWTClaimsSet().getSubject(); String subject = signedRefreshToken.getJWTClaimsSet().getSubject();
String approvedScopes = signedRefreshToken.getJWTClaimsSet().getStringClaim("scope"); String approvedScopes = signedRefreshToken.getJWTClaimsSet().getStringClaim("scope");
String finalScope = approvedScopes;
String requestedScopes = params.getFirst("scope"); String requestedScopes = params.getFirst("scope");
if (requestedScopes != null && !requestedScopes.isEmpty()) { if (requestedScopes != null && !requestedScopes.isEmpty()) {
Set<String> allowedScopes = new LinkedHashSet<>();
Set<String> rScopes = new HashSet(Arrays.asList(requestedScopes.split(" "))); Set<String> rScopes = new HashSet(Arrays.asList(requestedScopes.split(" ")));
Set<String> aScopes = new HashSet(Arrays.asList(approvedScopes.split(" "))); Set<String> aScopes = new HashSet(Arrays.asList(approvedScopes.split(" ")));
for (String scope : rScopes) { if (!aScopes.containsAll(rScopes)) {
if (aScopes.contains(scope)) allowedScopes.add(scope); throw new WebApplicationException("Requested scopes should be a subset of those authorized by the resource owner.");
} }
finalScope = String.join(" ", allowedScopes); } else {
requestedScopes = approvedScopes;
} }
String accessToken = getAccessToken(clientId, subject, finalScope); String accessToken = getAccessToken(clientId, subject, requestedScopes);
return Json.createObjectBuilder() return Json.createObjectBuilder()
.add("token_type", "Bearer") .add("token_type", "Bearer")
.add("access_token", accessToken) .add("access_token", accessToken)
.add("expires_in", expiresInMin * 60) .add("expires_in", expiresInMin * 60)
.add("scope", finalScope) .add("scope", requestedScopes)
.add("refresh_token", refreshToken) .add("refresh_token", refreshToken)
.build(); .build();
} }