Java Code Examples for org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser#setUserStoreDomain()

The following examples show how to use org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser#setUserStoreDomain(). The source file and originating project are named above each example.
Example 1
Source File: FIDOAuthenticator.java    From carbon-identity with Apache License 2.0 6 votes vote down vote up
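/**
 * Finds the user authenticated by an earlier step of the sequence.
 *
 * <p>Steps are visited by their 1-based index. The first step that has an authenticated user and
 * was completed by a {@link LocalApplicationAuthenticator} supplies the result. If that user has no
 * user store domain, it is defaulted to {@code UserCoreConstants.PRIMARY_DEFAULT_DOMAIN_NAME};
 * the default is written onto the user object held by the step, not onto a copy.
 *
 * @param context authentication context holding the sequence configuration
 * @return the user authenticated by the first matching local step
 * @throws AuthenticationFailedException if no earlier step yields a locally authenticated user
 */
private AuthenticatedUser getUsername(AuthenticationContext context) throws AuthenticationFailedException {
    //username from authentication context.
    AuthenticatedUser authenticatedUser = null;
    for (int i = 1; i <= context.getSequenceConfig().getStepMap().size(); i++) {
        StepConfig stepConfig = context.getSequenceConfig().getStepMap().get(i);
        // A gap in the step numbering, or a step without a recorded authenticator, must end in the
        // controlled AuthenticationFailedException below rather than a NullPointerException.
        if (stepConfig == null || stepConfig.getAuthenticatedUser() == null
                || stepConfig.getAuthenticatedAutenticator() == null) {
            continue;
        }
        if (!(stepConfig.getAuthenticatedAutenticator().getApplicationAuthenticator()
                instanceof LocalApplicationAuthenticator)) {
            continue;
        }

        authenticatedUser = stepConfig.getAuthenticatedUser();
        if (authenticatedUser.getUserStoreDomain() == null) {
            authenticatedUser.setUserStoreDomain(UserCoreConstants.PRIMARY_DEFAULT_DOMAIN_NAME);
        }

        // The user identifier is only written to the log at debug level.
        if (log.isDebugEnabled()) {
            log.debug("username :" + authenticatedUser.toString());
        }
        break;
    }
    if (authenticatedUser == null) {
        // Fail closed: without a user from an earlier local step there is nobody to bind the
        // FIDO step to.
        throw new AuthenticationFailedException("Could not locate an authenticated username from previous steps " +
                "of the sequence. Hence cannot continue with FIDO authentication.");
    }
    return authenticatedUser;
}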
 
Example 2
Source File: GraphBasedStepHandler.java    From carbon-identity-framework with Apache License 2.0 5 votes vote down vote up
/**
 * Creates an {@link AuthenticatedUser} from the given user.
 *
 * <p>Only the user name, tenant domain and user store domain are carried over; no other
 * attribute of the new object is set here.
 *
 * @param user source of the three identity attributes
 * @return a new {@link AuthenticatedUser} populated from {@code user}
 */
private AuthenticatedUser buildAuthenticatedUser(User user) {

    AuthenticatedUser converted = new AuthenticatedUser();
    converted.setUserName(user.getUserName());
    converted.setTenantDomain(user.getTenantDomain());
    converted.setUserStoreDomain(user.getUserStoreDomain());
    return converted;
}
 
Example 3
Source File: JsAuthenticationContextTest.java    From carbon-identity-framework with Apache License 2.0 5 votes vote down vote up
/**
 * Checks that the last user whose login failed, stored as a context property, is reachable from
 * script code through {@code context.lastLoginFailedUser} together with its username, tenant
 * domain and user store domain.
 */
@Test
public void testGetLastLoginFailedUserFromWrappedContext() throws Exception {

    final String expectedUsername = "lastAttemptedUsername";
    final String expectedTenantDomain = "lastAttemptedTenantDomain";
    final String givenUserStoreDomain = "lastAttemptedUserstoreDomain";

    // User recorded as the last failed login attempt.
    AuthenticatedUser failedUser = new AuthenticatedUser();
    failedUser.setUserName(expectedUsername);
    failedUser.setTenantDomain(expectedTenantDomain);
    failedUser.setUserStoreDomain(givenUserStoreDomain);

    AuthenticationContext wrappedContext = new AuthenticationContext();
    wrappedContext.setProperty(FrameworkConstants.JSAttributes.JS_LAST_LOGIN_FAILED_USER, failedUser);

    // Expose the wrapped context to the script engine under the global name "context".
    JsAuthenticationContext jsContext = new JsAuthenticationContext(wrappedContext);
    Bindings globalBindings = scriptEngine.getBindings(ScriptContext.GLOBAL_SCOPE);
    globalBindings.put("context", jsContext);

    Object failedUserFromScript = scriptEngine.eval("context.lastLoginFailedUser");
    assertNotNull(failedUserFromScript);
    assertTrue(failedUserFromScript instanceof JsAuthenticatedUser);

    String usernameFromScript = (String) scriptEngine.eval("context.lastLoginFailedUser.username");
    assertEquals(usernameFromScript, expectedUsername);

    String tenantDomainFromScript = (String) scriptEngine.eval("context.lastLoginFailedUser.tenantDomain");
    assertEquals(tenantDomainFromScript, expectedTenantDomain);

    // The domain is expected back in upper case even though it was set in mixed case, so the
    // value is normalised somewhere between the setter and the script-facing getter.
    String userStoreDomainFromScript =
            (String) scriptEngine.eval("context.lastLoginFailedUser.userStoreDomain");
    assertEquals(userStoreDomainFromScript, givenUserStoreDomain.toUpperCase());
}
 
Example 4
Source File: OAuthAdminService.java    From carbon-identity with Apache License 2.0 5 votes vote down vote up
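/**
 * Update existing consumer application.
 *
 * <p>The stored application is rebuilt from the DTO and recorded with the user of the current
 * thread-local Carbon context as its user. For OAuth 2.0 applications every requested grant type
 * must be one of {@code getAllowedGrantTypes()}; the first one that is not aborts the update.
 *
 * <p>NOTE(review): no check that the caller owns or may modify the application is visible in this
 * method, and the consumer secret is taken from the DTO as-is. Presumably access control is
 * enforced by the admin-service layer in front of this call; confirm.
 *
 * @param consumerAppDTO <code>OAuthConsumerAppDTO</code> with updated application information
 * @throws IdentityOAuthAdminException Error when updating the underlying identity persistence store,
 *                                     or when the grant types are missing or not allowed.
 */
public void updateConsumerApplication(OAuthConsumerAppDTO consumerAppDTO) throws IdentityOAuthAdminException {
    String userName = CarbonContext.getThreadLocalCarbonContext().getUsername();
    String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(userName);
    String tenantDomain = CarbonContext.getThreadLocalCarbonContext().getTenantDomain();
    OAuthAppDAO dao = new OAuthAppDAO();
    OAuthAppDO oauthappdo = new OAuthAppDO();

    // The user recorded on the application is always the logged-in user, split into
    // user name, tenant domain and user store domain.
    AuthenticatedUser user = new AuthenticatedUser();
    user.setUserName(UserCoreUtil.removeDomainFromName(tenantAwareUsername));
    user.setTenantDomain(tenantDomain);
    user.setUserStoreDomain(IdentityUtil.extractDomainFromName(userName));
    oauthappdo.setUser(user);

    oauthappdo.setOauthConsumerKey(consumerAppDTO.getOauthConsumerKey());
    oauthappdo.setOauthConsumerSecret(consumerAppDTO.getOauthConsumerSecret());
    oauthappdo.setCallbackUrl(consumerAppDTO.getCallbackUrl());
    oauthappdo.setApplicationName(consumerAppDTO.getApplicationName());

    if (OAuthConstants.OAuthVersions.VERSION_2.equals(consumerAppDTO.getOAuthVersion())) {
        String requestedGrantTypes = consumerAppDTO.getGrantTypes();
        if (requestedGrantTypes == null) {
            // Report a missing value through the declared exception instead of a
            // NullPointerException from split().
            throw new IdentityOAuthAdminException("Grant types cannot be null");
        }
        List<String> allowedGrants = Arrays.asList(getAllowedGrantTypes());
        for (String requestedGrant : requestedGrantTypes.split("\\s")) {
            if (StringUtils.isBlank(requestedGrant)) {
                // Consecutive whitespace produces empty tokens; they are not grant types.
                continue;
            }
            if (!allowedGrants.contains(requestedGrant)) {
                throw new IdentityOAuthAdminException(requestedGrant + " not allowed");
            }
        }
        oauthappdo.setGrantTypes(requestedGrantTypes);
    }

    dao.updateConsumerApplication(oauthappdo);
    if (OAuthServerConfiguration.getInstance().isCacheEnabled()) {
        // The cached object includes the consumer secret set above.
        appInfoCache.addToCache(oauthappdo.getOauthConsumerKey(), oauthappdo);
    }
}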
 
Example 5
Source File: OAuth2Util.java    From carbon-identity with Apache License 2.0 5 votes vote down vote up
/**
 * Builds an {@link AuthenticatedUser} from a user name string.
 *
 * <p>The tenant domain, the tenant-aware user name without its user store prefix, and the user
 * store domain are each derived from {@code username} by the corresponding utility call.
 *
 * <p>NOTE(review): the user store domain is upper-cased with the JVM default locale. If this
 * value is later compared with domains normalised elsewhere, confirm both sides use the same
 * locale rules.
 *
 * @param username user name to split; must not be blank
 * @return a new user carrying the three derived parts
 * @throws IllegalArgumentException if {@code username} is blank
 */
public static AuthenticatedUser getUserFromUserName(String username) throws IllegalArgumentException {
    // Reject blank input up front; there is nothing to derive a user from.
    if (!StringUtils.isNotBlank(username)) {
        throw new IllegalArgumentException("Cannot create user from empty user name");
    }

    String tenant = MultitenantUtils.getTenantDomain(username);
    String nameWithoutTenant = MultitenantUtils.getTenantAwareUsername(username);
    String bareName = UserCoreUtil.removeDomainFromName(nameWithoutTenant);
    String storeDomain = IdentityUtil.extractDomainFromName(username).toUpperCase();

    AuthenticatedUser result = new AuthenticatedUser();
    result.setUserName(bareName);
    result.setTenantDomain(tenant);
    result.setUserStoreDomain(storeDomain);
    return result;
}
 
Example 6
Source File: ExtendedSAML2BearerGrantHandler.java    From carbon-apimgt with Apache License 2.0 5 votes vote down vote up
/**
 * Optionally marks the authorized user as belonging to the "FEDERATED" user store domain and
 * then delegates scope handling to {@code ScopesIssuer}.
 *
 * <p>NOTE(review): while the system property is true, the domain is overwritten for every token
 * request that reaches this handler, whatever domain the user had before. Confirm that nothing
 * downstream treats this value as proof of how the user was authenticated. A null authorized
 * user is not handled here.
 *
 * @param tokReqMsgCtx token request context whose authorized user may be modified
 * @return the result of {@code ScopesIssuer.getInstance().setScopes(tokReqMsgCtx)}
 */
@Override
public boolean validateScope(OAuthTokenReqMessageContext tokReqMsgCtx) {
    // The switch is a JVM system property, so it applies process-wide.
    boolean checkRolesFromAssertion =
            Boolean.parseBoolean(System.getProperty(ResourceConstants.CHECK_ROLES_FROM_SAML_ASSERTION));

    if (checkRolesFromAssertion) {
        AuthenticatedUser authorizedUser = tokReqMsgCtx.getAuthorizedUser();
        authorizedUser.setUserStoreDomain("FEDERATED");
        tokReqMsgCtx.setAuthorizedUser(authorizedUser);
    }

    return ScopesIssuer.getInstance().setScopes(tokReqMsgCtx);
}
 
Example 7
Source File: SessionDataPublisherImpl.java    From carbon-apimgt with Apache License 2.0 5 votes vote down vote up
/**
 * Builds a new {@link AuthenticatedUser} from an existing one.
 *
 * <p>The copy takes its user name (without user store prefix) and tenant domain from the input
 * and is always flagged as a federated user.
 *
 * <p>NOTE(review): the user store domain is assigned twice. The value extracted from the user
 * name is replaced a few lines later by {@code OAuth2Util.getUserStoreForFederatedUser(...)},
 * so only the second value remains on the returned object. The federated flag is set
 * unconditionally; confirm this method is only reached for federated users.
 *
 * @param authenticatedUser user to copy from
 * @return a new user marked as federated
 * @throws IdentityOAuth2Exception declared for the federated user store lookup
 */
private AuthenticatedUser buildAuthenticatedUser(AuthenticatedUser authenticatedUser)
        throws IdentityOAuth2Exception {

    String sourceUserName = authenticatedUser.getUserName();
    String sourceTenantDomain = authenticatedUser.getTenantDomain();

    AuthenticatedUser copy = new AuthenticatedUser();
    copy.setUserName(UserCoreUtil.removeDomainFromName(sourceUserName));
    copy.setTenantDomain(sourceTenantDomain);
    copy.setUserStoreDomain(IdentityUtil.extractDomainFromName(sourceUserName));
    copy.setFederatedUser(true);
    // Overrides the domain assigned above.
    copy.setUserStoreDomain(OAuth2Util.getUserStoreForFederatedUser(authenticatedUser));
    return copy;
}
 
Example 8
Source File: DefaultStepBasedSequenceHandlerTest.java    From carbon-identity-framework with Apache License 2.0 4 votes vote down vote up
/**
 * Runs post-authentication handling on a one-step sequence and verifies that the user name of
 * the sequence's authenticated user is the one that was put in.
 *
 * <p>The application config is stubbed with the subject claim URI and the two "append domain"
 * switches from the data provider. {@code expectedSubjectIdentifier} is supplied by the data
 * provider but is not asserted in this method.
 */
@Test(dataProvider = "postAuthenticationDataProvider")
public void testHandlePostUserName(String subjectClaimUriFromAppConfig,
        String spSubjectClaimValue,
        boolean appendTenantDomainToSubject,
        boolean appendUserStoreDomainToSubject,
        String authenticatedUserNameInSequence,
        String expectedSubjectIdentifier) throws Exception {

    stepBasedSequenceHandler = new DefaultStepBasedSequenceHandler();

    // Application config with the subject-identifier settings under test.
    ApplicationConfig appConfig = spy(new ApplicationConfig(new ServiceProvider()));
    when(appConfig.getSubjectClaimUri()).thenReturn(subjectClaimUriFromAppConfig);
    when(appConfig.isUseTenantDomainInLocalSubjectIdentifier()).thenReturn(appendTenantDomainToSubject);
    when(appConfig.isUseUserstoreDomainInLocalSubjectIdentifier())
            .thenReturn(appendUserStoreDomainToSubject);

    AuthenticatedUser sequenceUser = new AuthenticatedUser();
    sequenceUser.setUserName(authenticatedUserNameInSequence);
    sequenceUser.setTenantDomain(FOO_TENANT);
    sequenceUser.setUserStoreDomain(XY_USER_STORE_DOMAIN);

    // A single step that is neither the subject-identifier step nor the subject-attribute step.
    SequenceConfig sequence = spy(new SequenceConfig());
    Map<Integer, StepConfig> steps = new HashMap<>();
    StepConfig onlyStep = spy(new StepConfig());
    when(onlyStep.getAuthenticatedUser()).thenReturn(sequenceUser);
    when(onlyStep.isSubjectIdentifierStep()).thenReturn(false);
    when(onlyStep.isSubjectAttributeStep()).thenReturn(false);
    AuthenticatorConfig stepAuthenticator = new AuthenticatorConfig();
    stepAuthenticator.setApplicationAuthenticator(authenticator);
    when(onlyStep.getAuthenticatedAutenticator()).thenReturn(stepAuthenticator);
    steps.put(1, onlyStep);
    sequence.setStepMap(steps);
    sequence.setAuthenticatedUser(sequenceUser);
    sequence.setApplicationConfig(appConfig);

    // SP subject claim value
    context.setProperty(FrameworkConstants.SERVICE_PROVIDER_SUBJECT_CLAIM_VALUE, spSubjectClaimValue);
    context.setSequenceConfig(sequence);

    stepBasedSequenceHandler.handlePostAuthentication(request, response, context);

    assertEquals(context.getSequenceConfig().getAuthenticatedUser().getUserName(),
            authenticatedUserNameInSequence);
}
 
Example 9
Source File: OAuthAppDAO.java    From carbon-identity with Apache License 2.0 4 votes vote down vote up
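/**
 * Loads the OAuth application registered for the given consumer key.
 *
 * <p>The key is passed through {@code persistenceProcessor.getProcessedClientId} and bound as a
 * statement parameter. A row is only turned into an {@link OAuthAppDO} when its OAuth version
 * column (column 4) is non-empty. If several rows qualify, the last one is returned.
 *
 * <p>The returned object carries the consumer secret as produced by
 * {@code persistenceProcessor.getPreprocessedClientSecret}, so callers should keep it out of
 * logs and error messages.
 *
 * @param consumerKey consumer key to look up
 * @return the matching application, or {@code null} when rows exist but none has an OAuth version
 * @throws InvalidOAuthClientException if no row exists for the consumer key
 * @throws IdentityOAuth2Exception if the query fails
 */
public OAuthAppDO getAppInformation(String consumerKey) throws InvalidOAuthClientException, IdentityOAuth2Exception {
    Connection connection = IdentityDatabaseUtil.getDBConnection();
    PreparedStatement prepStmt = null;
    ResultSet rSet = null;
    OAuthAppDO oauthApp = null;

    try {
        prepStmt = connection.prepareStatement(SQLQueries.OAuthAppDAOSQLQueries.GET_APP_INFO);
        prepStmt.setString(1, persistenceProcessor.getProcessedClientId(consumerKey));

        rSet = prepStmt.executeQuery();
        // Tracks whether the result set has at least one row, i.e. whether an application exists
        // for the given consumer key. A key without an associated application is reported with a
        // dedicated exception below.
        boolean rSetHasRows = false;
        while (rSet.next()) {
            // There is at least one application associated with a given key
            rSetHasRows = true;
            String oauthVersion = rSet.getString(4);
            if (oauthVersion != null && oauthVersion.length() > 0) {
                oauthApp = new OAuthAppDO();
                oauthApp.setOauthConsumerKey(consumerKey);
                oauthApp.setOauthConsumerSecret(persistenceProcessor.getPreprocessedClientSecret(rSet.getString(1)));
                AuthenticatedUser authenticatedUser = new AuthenticatedUser();
                authenticatedUser.setUserName(rSet.getString(2));
                oauthApp.setApplicationName(rSet.getString(3));
                oauthApp.setOauthVersion(oauthVersion);
                oauthApp.setCallbackUrl(rSet.getString(5));
                authenticatedUser.setTenantDomain(IdentityTenantUtil.getTenantDomain(rSet.getInt(6)));
                authenticatedUser.setUserStoreDomain(rSet.getString(7));
                oauthApp.setUser(authenticatedUser);
                oauthApp.setGrantTypes(rSet.getString(8));
                oauthApp.setId(rSet.getInt(9));
            }
        }
        if (!rSetHasRows) {
            // The submitted key has no associated application. Continuing would later fail with a
            // "null values not supported" error when the result is cached, so fail here instead.
            throw new InvalidOAuthClientException("Cannot find an application associated with the given consumer key : " + consumerKey);
        }
        connection.commit();
    } catch (SQLException e) {
        throw new IdentityOAuth2Exception("Error while retrieving the app information", e);
    } finally {
        IdentityDatabaseUtil.closeAllConnections(connection, rSet, prepStmt);
    }
    return oauthApp;
}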
 
Example 10
Source File: OAuthAppDAO.java    From carbon-identity with Apache License 2.0 4 votes vote down vote up
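/**
 * Loads the OAuth application with the given name in the tenant of the current thread-local
 * Carbon context.
 *
 * <p>Both the application name and the tenant ID are bound as statement parameters, so the lookup
 * is limited to the caller's tenant. A row is only applied to the result when its consumer key
 * column (column 4) is non-empty. If rows exist but none qualifies, the returned object carries
 * only the application name.
 *
 * <p>The returned object carries the consumer secret as produced by
 * {@code persistenceProcessor.getPreprocessedClientSecret}, so callers should keep it out of
 * logs and error messages.
 *
 * @param appName application name to look up
 * @return the application populated from the last qualifying row
 * @throws InvalidOAuthClientException if no row exists for the application name in this tenant
 * @throws IdentityOAuth2Exception if the query fails
 */
public OAuthAppDO getAppInformationByAppName(String appName) throws InvalidOAuthClientException, IdentityOAuth2Exception {
    Connection connection = IdentityDatabaseUtil.getDBConnection();
    PreparedStatement prepStmt = null;
    ResultSet rSet = null;
    OAuthAppDO oauthApp = null;

    try {
        int tenantID = CarbonContext.getThreadLocalCarbonContext().getTenantId();
        prepStmt = connection.prepareStatement(SQLQueries.OAuthAppDAOSQLQueries.GET_APP_INFO_BY_APP_NAME);
        prepStmt.setString(1, appName);
        prepStmt.setInt(2, tenantID);

        rSet = prepStmt.executeQuery();
        oauthApp = new OAuthAppDO();
        oauthApp.setApplicationName(appName);
        AuthenticatedUser user = new AuthenticatedUser();
        user.setTenantDomain(IdentityTenantUtil.getTenantDomain(tenantID));
        // Tracks whether the result set has at least one row, i.e. whether an application exists
        // for the given name. A name without an associated application is reported with a
        // dedicated exception below.
        boolean rSetHasRows = false;
        while (rSet.next()) {
            // There is at least one application associated with the given name
            rSetHasRows = true;
            String storedConsumerKey = rSet.getString(4);
            if (storedConsumerKey != null && storedConsumerKey.length() > 0) {
                oauthApp.setOauthConsumerSecret(persistenceProcessor.getPreprocessedClientSecret(rSet.getString(1)));
                user.setUserName(rSet.getString(2));
                user.setUserStoreDomain(rSet.getString(3));
                oauthApp.setUser(user);
                oauthApp.setOauthConsumerKey(persistenceProcessor.getPreprocessedClientId(storedConsumerKey));
                oauthApp.setOauthVersion(rSet.getString(5));
                oauthApp.setCallbackUrl(rSet.getString(6));
                oauthApp.setGrantTypes(rSet.getString(7));
                oauthApp.setId(rSet.getInt(8));
            }
        }
        if (!rSetHasRows) {
            // The submitted name has no associated application. Continuing would later fail with a
            // "null values not supported" error when the result is cached, so fail here instead.
            // The lookup value is an application name, so the message names it as such.
            String message = "Cannot find an application associated with the given application name : " + appName;
            if (log.isDebugEnabled()) {
                log.debug(message);
            }
            throw new InvalidOAuthClientException(message);
        }
        connection.commit();
    } catch (SQLException e) {
        throw new IdentityOAuth2Exception("Error while retrieving the app information", e);
    } finally {
        IdentityDatabaseUtil.closeAllConnections(connection, rSet, prepStmt);
    }
    return oauthApp;
}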
 
Example 11
Source File: OAuthAdminService.java    From carbon-identity with Apache License 2.0 4 votes vote down vote up
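/**
 * Registers an OAuth consumer application.
 *
 * <p>Nothing is registered when the Carbon context has no user name or when {@code application}
 * is null. A callback URL is mandatory when the grant types contain the authorization-code or
 * implicit grant. When no consumer key is supplied, key and secret are generated with
 * {@code OAuthUtil.getRandomNumber()}; otherwise both are taken from the DTO. When no OAuth
 * version is supplied, OAuth 2.0 is assumed, and for OAuth 2.0 every requested grant type must be
 * one of {@code getAllowedGrantTypes()}.
 *
 * <p>NOTE(review): confirm that {@code OAuthUtil.getRandomNumber()} draws from a
 * cryptographically secure source, since its output is used as the client secret.
 *
 * <p>NOTE(review): when {@code application.getUsername()} names an existing user, that name is
 * recorded on the application, while the user store domain is still extracted from the logged-in
 * user's name. Confirm that the caller is allowed to register on behalf of another user and that
 * the mixed name/domain pair is intended.
 *
 * @param application <code>OAuthConsumerAppDTO</code> with application information
 * @throws IdentityOAuthAdminException Error when persisting the application information to the
 *                                     persistence store, or when the request is rejected
 */
public void registerOAuthApplicationData(OAuthConsumerAppDTO application) throws IdentityOAuthAdminException{
    String userName = CarbonContext.getThreadLocalCarbonContext().getUsername();
    if (userName != null) {
        String tenantUser = MultitenantUtils.getTenantAwareUsername(userName);
        String tenantDomain = CarbonContext.getThreadLocalCarbonContext().getTenantDomain();

        OAuthAppDAO dao = new OAuthAppDAO();
        OAuthAppDO app = new OAuthAppDO();
        if (application != null) {
            app.setApplicationName(application.getApplicationName());
            // Redirect-based grants need a registered callback URL to send the response to.
            if ((application.getGrantTypes().contains(AUTHORIZATION_CODE) || application.getGrantTypes()
                    .contains(IMPLICIT)) && StringUtils.isEmpty(application.getCallbackUrl())) {
                throw new IdentityOAuthAdminException("Callback Url is required for Code or Implicit grant types");
            }
            app.setCallbackUrl(application.getCallbackUrl());
            if (application.getOauthConsumerKey() == null) {
                app.setOauthConsumerKey(OAuthUtil.getRandomNumber());
                app.setOauthConsumerSecret(OAuthUtil.getRandomNumber());
            } else {
                app.setOauthConsumerKey(application.getOauthConsumerKey());
                app.setOauthConsumerSecret(application.getOauthConsumerSecret());
            }
            String applicationUser = application.getUsername();
            if (applicationUser != null && applicationUser.trim().length() > 0) {
                try {
                    if (CarbonContext.getThreadLocalCarbonContext().getUserRealm().
                            getUserStoreManager().isExistingUser(application.getUsername())) {
                        tenantUser = applicationUser;
                    } else {
                        // Falls back to the logged-in user rather than rejecting the request.
                        log.warn("OAuth application registrant user name " + applicationUser +
                                " does not exist in the user store. Using logged-in user name " + tenantUser +
                                " as registrant name");
                    }
                } catch (UserStoreException e) {
                    throw new IdentityOAuthAdminException("Error while retrieving the user store manager", e);
                }

            }
            AuthenticatedUser user = new AuthenticatedUser();
            user.setUserName(UserCoreUtil.removeDomainFromName(tenantUser));
            user.setTenantDomain(tenantDomain);
            user.setUserStoreDomain(IdentityUtil.extractDomainFromName(userName));
            app.setUser(user);

            // Resolve the effective version once. Checking the DTO's raw value below would skip
            // grant-type validation whenever the version was left unset and defaulted to OAuth 2.0.
            String oauthVersion = application.getOAuthVersion();
            if (oauthVersion == null) {
                // by default, assume OAuth 2.0, if it is not set.
                oauthVersion = OAuthConstants.OAuthVersions.VERSION_2;
            }
            app.setOauthVersion(oauthVersion);
            if (OAuthConstants.OAuthVersions.VERSION_2.equals(oauthVersion)) {
                List<String> allowedGrants = Arrays.asList(getAllowedGrantTypes());
                String[] requestGrants = application.getGrantTypes().split("\\s");
                for (String requestedGrant : requestGrants) {
                    if (StringUtils.isBlank(requestedGrant)) {
                        // Consecutive whitespace produces empty tokens; they are not grant types.
                        continue;
                    }
                    if (!allowedGrants.contains(requestedGrant)) {
                        throw new IdentityOAuthAdminException(requestedGrant + " not allowed");
                    }
                }
                app.setGrantTypes(application.getGrantTypes());
            }
            dao.addOAuthApplication(app);
            if (OAuthServerConfiguration.getInstance().isCacheEnabled()) {
                // The cached object includes the consumer secret set above.
                appInfoCache.addToCache(app.getOauthConsumerKey(), app);
            }
        }
    }
}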
 
Example 12
Source File: TokenMgtDAO.java    From carbon-identity with Apache License 2.0 4 votes vote down vote up
/**
 * Lists the latest authorization codes stored for a tenant.
 *
 * <p>Each row is mapped to an {@link AuthzCodeDO} whose user is assembled from the row's user
 * name and user store domain plus the tenant domain resolved from {@code tenantId}. The issued
 * time is read with a UTC calendar.
 *
 * <p>The returned objects contain the authorization code values themselves, so callers should
 * keep them out of logs.
 *
 * @param tenantId tenant whose codes are listed; bound as a statement parameter
 * @return the codes found, possibly empty
 * @throws IdentityOAuth2Exception if the query fails; the connection is rolled back first
 */
public List<AuthzCodeDO> getLatestAuthorizationCodesOfTenant(int tenantId) throws IdentityOAuth2Exception {

    //we do not support access token partitioning here
    Connection connection = IdentityDatabaseUtil.getDBConnection();
    PreparedStatement statement = null;
    ResultSet rows = null;

    List<AuthzCodeDO> codes = new ArrayList<>();
    try {
        statement = connection.prepareStatement(SQLQueries.LIST_LATEST_AUTHZ_CODES_IN_TENANT);
        statement.setInt(1, tenantId);
        rows = statement.executeQuery();
        while (rows.next()) {
            // Columns are read in ascending index order.
            String codeId = rows.getString(1);
            String code = rows.getString(2);
            String clientId = rows.getString(3);
            String userName = rows.getString(4);
            String[] scopes = OAuth2Util.buildScopeArray(rows.getString(5));
            Timestamp issuedAt = rows.getTimestamp(6, Calendar.getInstance(TimeZone.getTimeZone(UTC)));
            long validityMillis = rows.getLong(7);
            String redirectUrl = rows.getString(8);
            String storeDomain = rows.getString(9);

            AuthenticatedUser owner = new AuthenticatedUser();
            owner.setUserName(userName);
            owner.setUserStoreDomain(storeDomain);
            owner.setTenantDomain(OAuth2Util.getTenantDomain(tenantId));
            codes.add(new AuthzCodeDO(owner, scopes, issuedAt, validityMillis, redirectUrl,
                    clientId, code, codeId));
        }
        connection.commit();
    } catch (SQLException e) {
        IdentityDatabaseUtil.rollBack(connection);
        throw new IdentityOAuth2Exception("Error occurred while retrieving latest authorization codes of tenant " +
                ":" + tenantId, e);
    } finally {
        IdentityDatabaseUtil.closeAllConnections(connection, rows, statement);
    }
    return codes;
}
 
Example 13
Source File: TokenMgtDAO.java    From carbon-identity with Apache License 2.0 4 votes vote down vote up
/**
 * Lists the latest authorization codes stored for one user store domain of a tenant.
 *
 * <p>The query is filtered by the upper-cased domain, while the users attached to the returned
 * {@link AuthzCodeDO}s are given the domain exactly as it was passed in. The issued time is read
 * with a UTC calendar.
 *
 * <p>NOTE(review): the upper-casing uses the JVM default locale; confirm it matches how the
 * stored domain values were normalised. A null {@code userStorDomain} is not handled.
 *
 * <p>The returned objects contain the authorization code values themselves, so callers should
 * keep them out of logs.
 *
 * @param tenantId tenant whose codes are listed; bound as a statement parameter
 * @param userStorDomain user store domain to filter by; bound as a statement parameter
 * @return the codes found, possibly empty
 * @throws IdentityOAuth2Exception if the query fails; the connection is rolled back first
 */
public List<AuthzCodeDO> getLatestAuthorizationCodesOfUserStore(int tenantId, String userStorDomain) throws
        IdentityOAuth2Exception {

    //we do not support access token partitioning here
    Connection connection = IdentityDatabaseUtil.getDBConnection();
    PreparedStatement statement = null;
    ResultSet rows = null;

    List<AuthzCodeDO> codes = new ArrayList<>();
    try {
        statement = connection.prepareStatement(SQLQueries.LIST_LATEST_AUTHZ_CODES_IN_USER_DOMAIN);
        statement.setInt(1, tenantId);
        statement.setString(2, userStorDomain.toUpperCase());
        rows = statement.executeQuery();
        while (rows.next()) {
            // Columns are read in ascending index order.
            String codeId = rows.getString(1);
            String code = rows.getString(2);
            String clientId = rows.getString(3);
            String userName = rows.getString(4);
            String[] scopes = OAuth2Util.buildScopeArray(rows.getString(5));
            Timestamp issuedAt = rows.getTimestamp(6, Calendar.getInstance(TimeZone.getTimeZone(UTC)));
            long validityMillis = rows.getLong(7);
            String redirectUrl = rows.getString(8);

            AuthenticatedUser owner = new AuthenticatedUser();
            owner.setUserName(userName);
            owner.setUserStoreDomain(userStorDomain);
            owner.setTenantDomain(OAuth2Util.getTenantDomain(tenantId));
            codes.add(new AuthzCodeDO(owner, scopes, issuedAt, validityMillis, redirectUrl,
                    clientId, code, codeId));
        }
        connection.commit();
    } catch (SQLException e) {
        IdentityDatabaseUtil.rollBack(connection);
        throw new IdentityOAuth2Exception("Error occurred while retrieving latest authorization codes of user " +
                "store : " + userStorDomain + " in tenant :" + tenantId, e);
    } finally {
        IdentityDatabaseUtil.closeAllConnections(connection, rows, statement);
    }
    return codes;
}