Skip to content

Commit

Permalink
feat(jans-auth-server): added convenient method for up-scoping or dow…
Browse files Browse the repository at this point in the history
…n-scoping AT scopes #1218

#1218
  • Loading branch information
yuriyz committed Jun 23, 2022
1 parent 93e042a commit 5d71655
Show file tree
Hide file tree
Showing 2 changed files with 37 additions and 7 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -187,23 +187,23 @@ private void initTokenFromGrant(TokenEntity token) {
public AccessToken createAccessToken(ExecutionContext context) {
try {
final AccessToken accessToken = super.createAccessToken(context);
if (getClient().isAccessTokenAsJwt()) {
accessToken.setCode(createAccessTokenAsJwt(accessToken, context));
}
if (accessToken.getExpiresIn() < 0) {
log.trace("Failed to create access token with negative expiration time");
return null;
}

final TokenEntity tokenEntity = asToken(accessToken);
context.setAccessTokenEntity(tokenEntity);
if (getClient().isAccessTokenAsJwt()) {
accessToken.setCode(createAccessTokenAsJwt(accessToken, context));
}

boolean externalOk = externalUpdateTokenService.modifyAccessToken(accessToken, ExternalUpdateTokenContext.of(context));
if (!externalOk) {
log.trace("External script forbids access token creation.");
return null;
}

final TokenEntity tokenEntity = asToken(accessToken);
context.setAccessTokenEntity(tokenEntity);

persist(tokenEntity);
statService.reportAccessToken(getGrantType());
metricService.incCounter(MetricType.TOKEN_ACCESS_TOKEN_COUNT);
Expand All @@ -218,7 +218,7 @@ public AccessToken createAccessToken(ExecutionContext context) {
}
}

private String createAccessTokenAsJwt(AccessToken accessToken, ExecutionContext context) throws Exception {
public String createAccessTokenAsJwt(AccessToken accessToken, ExecutionContext context) throws Exception {
final User user = getUser();
final Client client = getClient();

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -10,18 +10,26 @@
import io.jans.as.common.service.AttributeService;
import io.jans.as.model.common.GrantType;
import io.jans.as.model.configuration.AppConfiguration;
import io.jans.as.model.jwt.Jwt;
import io.jans.as.server.model.common.AccessToken;
import io.jans.as.server.model.common.AuthorizationGrant;
import io.jans.as.server.model.common.ExecutionContext;
import io.jans.model.custom.script.conf.CustomScriptConfiguration;
import org.jetbrains.annotations.Nullable;

import jakarta.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import java.util.Set;

/**
* @author Yuriy Movchan
*/
public class ExternalUpdateTokenContext extends ExternalScriptContext {

private static final Logger log = LoggerFactory.getLogger(ExternalUpdateTokenContext.class);

private final Client client;
private final AuthorizationGrant grant;

Expand Down Expand Up @@ -100,4 +108,26 @@ public ExecutionContext getExecutionContext() {
public void setExecutionContext(@Nullable ExecutionContext executionContext) {
this.executionContext = executionContext;
}

// Usually expected to be called in : "def modifyAccessToken(self, accessToken, context):"
public void overwriteAccessTokenScopes(AccessToken accessToken, Set<String> newScopes) {
if (grant == null) {
return;
}

grant.setScopes(newScopes);

// re-generate access token jwt to put new scopes into jwt
if (isValidJwt(accessToken.getCode())) {
try {
accessToken.setCode(grant.createAccessTokenAsJwt(accessToken, executionContext));
} catch (Exception e) {
log.error("Failed to generate access token jwt", e);
}
}
}

private boolean isValidJwt(String jwt) {
return Jwt.parseSilently(jwt) != null;
}
}

0 comments on commit 5d71655

Please sign in to comment.