RefreshTokenController.java
package com.webfleet.oauth.controller;
import com.webfleet.oauth.common.Constants;
import com.webfleet.oauth.common.KnownUrls;
import com.webfleet.oauth.service.TokenStoreService;
import com.webfleet.oauth.service.feign.Authserver;
import com.webfleet.oauth.service.feign.OAuthToken;
import feign.FeignException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import java.security.Principal;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpSession;
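@Controller
@RequestMapping(KnownUrls.REFRESH)
public class RefreshTokenController {

    private static final Logger LOG = LoggerFactory.getLogger(RefreshTokenController.class);

    private final TokenStoreService tokenStoreService;
    private final String clientId;
    private final Authserver authserver;

    /**
     * Creates the controller.
     *
     * @param authserver        Feign client for the authorization server's token endpoint
     * @param tokenStoreService store of refresh tokens, keyed by principal name
     * @param clientId          OAuth client identifier, read from {@code webfleet.clientid}
     */
    public RefreshTokenController(final Authserver authserver,
                                  final TokenStoreService tokenStoreService,
                                  @Value("${webfleet.clientid}") final String clientId) {
        this.tokenStoreService = tokenStoreService;
        this.authserver = authserver;
        this.clientId = clientId;
    }

    /**
     * Exchanges the stored refresh token of the signed-in user for a new access token
     * (OAuth 2.0 refresh_token grant, RFC 6749 section 6) and puts the access token into the
     * HTTP session.
     *
     * @param principal the authenticated user; Spring passes {@code null} when the request carries
     *                  no authentication
     * @param session   HTTP session that receives the new access token
     * @return redirect to {@link KnownUrls#SERVICE} when there is no principal or no stored refresh
     *         token, redirect to {@link KnownUrls#CONSUME} on success, or the refresh view when the
     *         authorization server rejected the refresh token with HTTP 400
     * @throws FeignException for any token-endpoint failure other than HTTP 400, so that the
     *         application's error handling can deal with it
     */
    @RequestMapping
    public String refreshToken(Principal principal, HttpSession session) {
        // Without an authenticated user there is nothing to refresh; this guard avoids a
        // NullPointerException on principal.getName() below.
        if (principal == null) {
            LOG.warn("Refresh requested without an authenticated principal");
            return "redirect:" + KnownUrls.SERVICE;
        }
        final String user = principal.getName();
        try {
            final String refreshToken = tokenStoreService.getRefreshToken(user);
            if (refreshToken == null) {
                LOG.warn("Cannot find a refresh token");
                return "redirect:" + KnownUrls.SERVICE;
            }

            // refresh_token grant: the stored refresh token authorizes issuing a new access token.
            final OAuthToken oAuthToken = this.authserver.token(refreshTokenParams(refreshToken));

            // The server MAY rotate the refresh token (RFC 6749 section 6). Only replace the stored
            // token when a new one was actually issued; otherwise the old token remains valid and
            // overwriting it with null would break every later refresh for this user.
            final String rotatedRefreshToken = oAuthToken.getRefreshToken();
            if (rotatedRefreshToken != null) {
                tokenStoreService.updateRefreshToken(rotatedRefreshToken, user);
            }
            session.setAttribute(Constants.OAUTH_ACCESS_TOKEN_SESSION_ATTRIBUTE, oAuthToken.getValue());
            return "redirect:" + KnownUrls.CONSUME;
        } catch (FeignException e) {
            // HTTP 400 from the token endpoint means the grant is no longer usable (expired or
            // revoked). Drop it so the user is sent through authorization again instead of
            // retrying with a dead token.
            if (HttpStatus.BAD_REQUEST.value() == e.status()) {
                LOG.info("Refresh token is no longer valid, either expired or grant was revoked. Deleting from storage");
                tokenStoreService.deleteRefreshToken(user);
                return KnownUrls.View.REFRESH.viewName();
            }
            // Anything else (transport error, 401, 5xx) is left to the error handler.
            throw e;
        }
    }

    /**
     * Builds the form parameters of an OAuth 2.0 refresh_token grant.
     *
     * @param refreshToken the refresh token authorizing the new access token
     * @return the token endpoint parameters
     */
    private Map<String, String> refreshTokenParams(final String refreshToken) {
        final Map<String, String> params = new HashMap<>();
        params.put("grant_type", "refresh_token");
        params.put("client_id", clientId); // oauth client identifier
        params.put("refresh_token", refreshToken);
        return params;
    }
}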