|
|
|
@ -150,10 +150,16 @@ public final class OAuth2AuthorizationCodeAuthenticationProvider implements Auth |
|
|
|
|
|
|
|
|
|
|
|
if (!authorizationCode.isActive()) { |
|
|
|
if (!authorizationCode.isActive()) { |
|
|
|
if (authorizationCode.isInvalidated()) { |
|
|
|
if (authorizationCode.isInvalidated()) { |
|
|
|
authorization = OAuth2AuthenticationProviderUtils.invalidate(authorization, authorizationCode.getToken()); |
|
|
|
OAuth2Token token = authorization.getRefreshToken() != null ? |
|
|
|
this.authorizationService.save(authorization); |
|
|
|
authorization.getRefreshToken().getToken() : |
|
|
|
if (this.logger.isWarnEnabled()) { |
|
|
|
authorization.getAccessToken().getToken(); |
|
|
|
this.logger.warn(LogMessage.format("Invalidated authorization tokens previously issued based on the authorization code")); |
|
|
|
if (token != null) { |
|
|
|
|
|
|
|
// Invalidate the access (and refresh) token as the client is attempting to use the authorization code more than once
|
|
|
|
|
|
|
|
authorization = OAuth2AuthenticationProviderUtils.invalidate(authorization, token); |
|
|
|
|
|
|
|
this.authorizationService.save(authorization); |
|
|
|
|
|
|
|
if (this.logger.isWarnEnabled()) { |
|
|
|
|
|
|
|
this.logger.warn(LogMessage.format("Invalidated authorization token(s) previously issued to registered client '%s'", registeredClient.getId())); |
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
throw new OAuth2AuthenticationException(OAuth2ErrorCodes.INVALID_GRANT); |
|
|
|
throw new OAuth2AuthenticationException(OAuth2ErrorCodes.INVALID_GRANT); |
|
|
|
@ -176,12 +182,7 @@ public final class OAuth2AuthorizationCodeAuthenticationProvider implements Auth |
|
|
|
.authorizationGrant(authorizationCodeAuthentication); |
|
|
|
.authorizationGrant(authorizationCodeAuthentication); |
|
|
|
// @formatter:on
|
|
|
|
// @formatter:on
|
|
|
|
|
|
|
|
|
|
|
|
// @formatter:off
|
|
|
|
OAuth2Authorization.Builder authorizationBuilder = OAuth2Authorization.from(authorization); |
|
|
|
OAuth2Authorization.Builder authorizationBuilder = OAuth2Authorization.from(authorization) |
|
|
|
|
|
|
|
// Invalidate the authorization code as it can only be used once
|
|
|
|
|
|
|
|
.token(authorizationCode.getToken(), metadata -> |
|
|
|
|
|
|
|
metadata.put(OAuth2Authorization.Token.INVALIDATED_METADATA_NAME, true)); |
|
|
|
|
|
|
|
// @formatter:on
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// ----- Access token -----
|
|
|
|
// ----- Access token -----
|
|
|
|
OAuth2TokenContext tokenContext = tokenContextBuilder.tokenType(OAuth2TokenType.ACCESS_TOKEN).build(); |
|
|
|
OAuth2TokenContext tokenContext = tokenContextBuilder.tokenType(OAuth2TokenType.ACCESS_TOKEN).build(); |
|
|
|
@ -262,6 +263,9 @@ public final class OAuth2AuthorizationCodeAuthenticationProvider implements Auth |
|
|
|
|
|
|
|
|
|
|
|
authorization = authorizationBuilder.build(); |
|
|
|
authorization = authorizationBuilder.build(); |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// Invalidate the authorization code as it can only be used once
|
|
|
|
|
|
|
|
authorization = OAuth2AuthenticationProviderUtils.invalidate(authorization, authorizationCode.getToken()); |
|
|
|
|
|
|
|
|
|
|
|
this.authorizationService.save(authorization); |
|
|
|
this.authorizationService.save(authorization); |
|
|
|
|
|
|
|
|
|
|
|
if (this.logger.isTraceEnabled()) { |
|
|
|
if (this.logger.isTraceEnabled()) { |
|
|
|
@ -314,4 +318,5 @@ public final class OAuth2AuthorizationCodeAuthenticationProvider implements Auth |
|
|
|
} |
|
|
|
} |
|
|
|
return sessionInformation; |
|
|
|
return sessionInformation; |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
|
Joe Grandja
3 years ago