Token exchage for an offline token now raises an IllegalArgumetException if the original token not contains `offline_access` within its scopes, required by the `v24.0.2` version of the Keycloak
This commit is contained in:
parent
dfb35bad62
commit
22013667d1
|
@ -42,6 +42,7 @@ import org.gcube.common.gxhttp.util.ContentUtils;
|
|||
import org.gcube.common.gxrest.request.GXHTTPStringRequest;
|
||||
import org.gcube.common.gxrest.response.inbound.GXInboundResponse;
|
||||
import org.gcube.common.gxrest.response.inbound.JsonUtils;
|
||||
import org.gcube.common.keycloak.model.AccessToken;
|
||||
import org.gcube.common.keycloak.model.JSONWebKeySet;
|
||||
import org.gcube.common.keycloak.model.ModelUtils;
|
||||
import org.gcube.common.keycloak.model.PublishedRealmRepresentation;
|
||||
|
@ -720,22 +721,31 @@ public class DefaultKeycloakClient implements KeycloakClient {
|
|||
null);
|
||||
}
|
||||
|
||||
// @Override
|
||||
// public TokenResponse exchangeTokenForOfflineToken(String context, String oidcAccessToken, String clientId,
|
||||
// String clientSecret, String audience) throws KeycloakClientException {
|
||||
//
|
||||
// return exchangeTokenForOfflineToken(getTokenEndpointURL(getRealmBaseURL(context)), oidcAccessToken, clientId,
|
||||
// clientSecret, audience);
|
||||
// }
|
||||
@Override
|
||||
public TokenResponse exchangeTokenForOfflineToken(String context, String oidcAccessToken, String clientId,
|
||||
String clientSecret, String audience) throws IllegalArgumentException, KeycloakClientException {
|
||||
|
||||
// @Override
|
||||
// public TokenResponse exchangeTokenForOfflineToken(URL tokenURL, String oidcAccessToken, String clientId,
|
||||
// String clientSecret, String audience) throws IllegalArgumentException, KeycloakClientException {
|
||||
//
|
||||
// // ModelUtils.getAccessTokenFrom(oidcTokenResponse).getScope().
|
||||
// return exchangeToken(tokenURL, oidcAccessToken, clientId, clientSecret, audience, REFRESH_TOKEN_TOKEN_TYPE,
|
||||
// OFFLINE_ACCESS_SCOPE);
|
||||
// }
|
||||
return exchangeTokenForOfflineToken(getTokenEndpointURL(getRealmBaseURL(context)), oidcAccessToken, clientId,
|
||||
clientSecret, audience);
|
||||
}
|
||||
|
||||
@Override
|
||||
public TokenResponse exchangeTokenForOfflineToken(URL tokenURL, String oidcAccessToken, String clientId,
|
||||
String clientSecret, String audience) throws IllegalArgumentException, KeycloakClientException {
|
||||
|
||||
AccessToken at = null;
|
||||
try {
|
||||
at = ModelUtils.getAccessTokenFrom(oidcAccessToken);
|
||||
} catch (Exception e) {
|
||||
throw new IllegalArgumentException("Impossible to parse the access token as JSON", e);
|
||||
}
|
||||
if (at.getScope().indexOf(OFFLINE_ACCESS_SCOPE) < 0) {
|
||||
logger.info("Token to be exchanged doesn't contain 'offline_token' within scopes");
|
||||
throw new IllegalArgumentException("Orignal access token doesn't contain the 'offline_token' scope");
|
||||
}
|
||||
return exchangeToken(tokenURL, oidcAccessToken, clientId, clientSecret, audience, REFRESH_TOKEN_TOKEN_TYPE,
|
||||
OFFLINE_ACCESS_SCOPE);
|
||||
}
|
||||
|
||||
/**
|
||||
* Queries from the OIDC server an exchanged token by using provided access token, for the given audience (context),
|
||||
|
|
Loading…
Reference in New Issue