iSharkFly-Docs
/
java-tutorials
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

scope in refresh token request should be a subset of those authorized by the resource owner.

This commit is contained in:
eelhazati 2019-07-23 10:03:17 +01:00
parent 7486f1a305
commit e314cddbe6
2 changed files with 16 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
oauth2-framework-impl/oauth2-client/src/main/java/com/baeldung/oauth2/client/CallbackServlet.java
View File

@ -4,10 +4,8 @@ import org.eclipse.microprofile.config.Config;
import javax.inject.Inject;
import javax.json.JsonObject;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.client.Client;
@ -18,10 +16,9 @@ import javax.ws.rs.core.Form;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType;
import java.io.IOException;
import java.util.Base64;
@WebServlet(urlPatterns = "/callback")
public class CallbackServlet extends HttpServlet {
public class CallbackServlet extends AbstractServlet {
@Inject
private Config config;
@ -56,24 +53,15 @@ public class CallbackServlet extends HttpServlet {
form.param("code", code);
form.param("redirect_uri", config.getValue("client.redirectUri", String.class));
try {
JsonObject tokenResponse = target.request(MediaType.APPLICATION_JSON_TYPE)
.header(HttpHeaders.AUTHORIZATION, getAuthorizationHeaderValue())
.header(HttpHeaders.AUTHORIZATION, getAuthorizationHeaderValue(clientId, clientSecret))
.post(Entity.entity(form, MediaType.APPLICATION_FORM_URLENCODED_TYPE), JsonObject.class);
request.getSession().setAttribute("tokenResponse", tokenResponse);
} catch (Exception ex) {
System.out.println(ex.getMessage());
request.setAttribute("error", ex.getMessage());
}
dispatch("/", request, response);
}
private void dispatch(String location, HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
RequestDispatcher requestDispatcher = request.getRequestDispatcher(location);
requestDispatcher.forward(request, response);
}
private String getAuthorizationHeaderValue() {
String clientId = config.getValue("client.clientId", String.class);
String clientSecret = config.getValue("client.clientSecret", String.class);
String token = clientId + ":" + clientSecret;
String encodedString = Base64.getEncoder().encodeToString(token.getBytes());
return "Basic " + encodedString;
}
}

5
oauth2-framework-impl/oauth2-client/src/main/java/com/baeldung/oauth2/client/RefreshTokenServlet.java
View File

@ -46,7 +46,12 @@ public class RefreshTokenServlet extends AbstractServlet {
.header(HttpHeaders.AUTHORIZATION, getAuthorizationHeaderValue(clientId, clientSecret))
.post(Entity.entity(form, MediaType.APPLICATION_FORM_URLENCODED_TYPE), JsonObject.class);
String error = tokenResponse.getString("error");
if (error != null) {
request.setAttribute("error", error);
} else {
request.getSession().setAttribute("tokenResponse", tokenResponse);
}
dispatch("/", request, response);
}
}