Java Code Examples for org.wso2.carbon.identity.oauth2.util.OAuth2Util#getUserStoreDomainFromUserId()

The following examples show how to use org.wso2.carbon.identity.oauth2.util.OAuth2Util#getUserStoreDomainFromUserId().
Example 1
Source File: RefreshGrantHandler.java    From carbon-identity with Apache License 2.0
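/**
 * Validates a refresh-token grant request before a new access token is issued.
 *
 * <p>The request is accepted only when every check below passes: the parent handler's
 * validation succeeds; the DAO resolves the presented refresh token when queried together
 * with the client id; the stored token state is unset, ACTIVE or EXPIRED; and the presented
 * refresh token equals the refresh token on the latest access-token record for the same
 * client, user and scope. Any other outcome fails closed by returning {@code false}.
 *
 * <p>On success the authorized user and scope of the stored record are copied onto the
 * request context and the validation record is attached under {@code PREV_ACCESS_TOKEN}.
 *
 * <p>NOTE(review): client authentication is not visible in this method; presumably it is
 * done by the parent handler or earlier in the token endpoint. Confirm this, because the
 * client id is the only thing binding the refresh token to its owner here.
 *
 * @param tokReqMsgCtx token request context carrying the client id and the refresh token
 * @return {@code true} if the refresh token may be exchanged, {@code false} otherwise
 * @throws IdentityOAuth2Exception if the user store domain of the authorized user cannot be
 *         resolved; presumably also propagated from the parent handler and the DAO calls
 */
@Override
public boolean validateGrant(OAuthTokenReqMessageContext tokReqMsgCtx)
        throws IdentityOAuth2Exception {

    if (!super.validateGrant(tokReqMsgCtx)) {
        return false;
    }

    OAuth2AccessTokenReqDTO tokenReqDTO = tokReqMsgCtx.getOauth2AccessTokenReqDTO();

    String refreshToken = tokenReqDTO.getRefreshToken();

    // The lookup is keyed on both the client id and the token value, so a token presented
    // under a different client id is expected to resolve to nothing.
    RefreshTokenValidationDataDO validationDataDO = tokenMgtDAO.validateRefreshToken(
            tokenReqDTO.getClientId(), refreshToken);

    // Fail closed when the DAO returns no record at all, not only when the record is empty;
    // otherwise a null result would surface as a NullPointerException instead of a rejection.
    if (validationDataDO == null || validationDataDO.getAccessToken() == null) {
        // Only the client id is logged: the token value is a bearer credential and must
        // stay out of the logs.
        if (log.isDebugEnabled()) {
            log.debug("Invalid Refresh Token provided for Client with " +
                    "Client Id : " + tokenReqDTO.getClientId());
        }
        return false;
    }

    // An unset state is let through; any state other than ACTIVE or EXPIRED is rejected.
    // NOTE(review): no refresh-token lifetime check is visible in this method. Confirm that
    // expiry of the refresh token itself is enforced before a new token is issued.
    String refreshTokenState = validationDataDO.getRefreshTokenState();
    if (refreshTokenState != null &&
            !OAuthConstants.TokenStates.TOKEN_STATE_ACTIVE.equals(refreshTokenState) &&
            !OAuthConstants.TokenStates.TOKEN_STATE_EXPIRED.equals(refreshTokenState)) {
        if (log.isDebugEnabled()) {
            log.debug("Access Token is not in 'ACTIVE' or 'EXPIRED' state for Client with " +
                    "Client Id : " + tokenReqDTO.getClientId());
        }
        return false;
    }

    // The user store domain is resolved only when both access-token partitioning and
    // user-name assertion are enabled; otherwise null is handed to the DAO.
    String userStoreDomain = null;
    if (OAuth2Util.checkAccessTokenPartitioningEnabled() && OAuth2Util.checkUserNameAssertionEnabled()) {
        try {
            userStoreDomain = OAuth2Util.getUserStoreDomainFromUserId(validationDataDO.getAuthorizedUser().toString());
        } catch (IdentityOAuth2Exception e) {
            String errorMsg = "Error occurred while getting user store domain for User ID : " + validationDataDO.getAuthorizedUser();
            log.error(errorMsg, e);
            throw new IdentityOAuth2Exception(errorMsg, e);
        }
    }

    // The meaning of the trailing 'true' flag is defined by the DAO and is not visible here.
    AccessTokenDO accessTokenDO = tokenMgtDAO.retrieveLatestAccessToken(tokenReqDTO.getClientId(),
            validationDataDO.getAuthorizedUser(),
            userStoreDomain, OAuth2Util.buildScopeString(validationDataDO.getScope()), true);

    if (accessTokenDO == null) {
        if (log.isDebugEnabled()) {
            log.debug("Error while retrieving the latest refresh token");
        }
        return false;
    } else if (refreshToken == null || !refreshToken.equals(accessTokenDO.getRefreshToken())) {
        // A token the DAO recognised but that is no longer the latest one has been
        // superseded. NOTE(review): this is a replay signal (a stolen token, or a benign
        // client race) that is only recorded at debug level here; confirm another layer
        // audits it so that it can be alerted on.
        if (log.isDebugEnabled()) {
            log.debug("Refresh token is not the latest.");
        }
        return false;
    }

    if (log.isDebugEnabled()) {
        log.debug("Refresh token validation successful for " +
                "Client id : " + tokenReqDTO.getClientId() +
                ", Authorized User : " + validationDataDO.getAuthorizedUser() +
                ", Token Scope : " + OAuth2Util.buildScopeString(validationDataDO.getScope()));
    }

    // The new token inherits user and scope from the stored record, never from the request.
    tokReqMsgCtx.setAuthorizedUser(validationDataDO.getAuthorizedUser());
    tokReqMsgCtx.setScope(validationDataDO.getScope());
    // Keep the previous token record on the request context as a property; it is already
    // a preprocessed token.
    tokReqMsgCtx.addProperty(PREV_ACCESS_TOKEN, validationDataDO);
    return true;
}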