Forced refresh of access token when current scope changes

This commit is contained in:
Mauro Mugnaini 2020-12-16 15:53:26 +01:00
parent e4e7352e2c
commit fa407f471a
1 changed files with 10 additions and 4 deletions


@ -113,9 +113,11 @@ public class SmartGearsPortalValve extends ValveBase {
umaToken = JWTCacheProxy.getInstance().getUMAToken(user, session); umaToken = JWTCacheProxy.getInstance().getUMAToken(user, session);
} }
if (umaToken == null || !umaToken.getAud().contains(urlEncodedScope)) { if (umaToken == null || !umaToken.getAud().contains(urlEncodedScope)) {
boolean scopeIsChanged = false;
if (umaToken == null) { if (umaToken == null) {
_log.debug("UMA token is null. Getting new one..."); _log.debug("UMA token is null. Getting new one...");
} else { } else {
scopeIsChanged = true;
_log.info("UMA token has been issued for another scope (" + umaToken.getAud() _log.info("UMA token has been issued for another scope (" + umaToken.getAud()
+ "). Getting new one for scope: " + urlEncodedScope); + "). Getting new one for scope: " + urlEncodedScope);
} }
@ -141,8 +143,12 @@ public class SmartGearsPortalValve extends ValveBase {
} }
OpenIdConnectConfiguration configuration = LiferayOpenIdConnectConfiguration.getConfiguration(request); OpenIdConnectConfiguration configuration = LiferayOpenIdConnectConfiguration.getConfiguration(request);
try { try {
if (authToken.isExpired()) { if (scopeIsChanged || authToken.isExpired()) {
if (scopeIsChanged) {
_log.info("Scope is changed, refreshing token to be sure that new grants are present");
} else {
_log.debug("OIDC token is expired, refreshing it"); _log.debug("OIDC token is expired, refreshing it");
}
try { try {
authToken = OpenIdConnectRESTHelper.refreshToken(configuration.getTokenURL(), authToken); authToken = OpenIdConnectRESTHelper.refreshToken(configuration.getTokenURL(), authToken);
} catch (Exception e) { } catch (Exception e) {
@ -155,8 +161,8 @@ public class SmartGearsPortalValve extends ValveBase {
JWTTokenUtil.putOIDCInSession(authToken, session); JWTTokenUtil.putOIDCInSession(authToken, session);
} }
_log.info("Getting UMA token from OIDC endpoint for scope: " + urlEncodedScope); _log.info("Getting UMA token from OIDC endpoint for scope: " + urlEncodedScope);
umaToken = OpenIdConnectRESTHelper.queryUMAToken(configuration.getTokenURL(), authToken.getAsBearer(), umaToken = OpenIdConnectRESTHelper.queryUMAToken(configuration.getTokenURL(),
urlEncodedScope, null); authToken.getAccessTokenAsBearer(), urlEncodedScope, null);
} catch (Exception e) { } catch (Exception e) {
_log.error("Getting UMA token from server", e); _log.error("Getting UMA token from server", e);
return; return;
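Review bot: The new `scopeIsChanged || authToken.isExpired()` condition in the second hunk forces a refresh-token grant on every scope switch even while the OIDC token is still valid, and the reason for that lives only in a log string; a short comment would keep the intent from being removed later, e.g. `// Refresh even if not expired: a scope switch may carry grants the cached OIDC token does not yet reflect.` If the identity provider rotates refresh tokens, two concurrent requests in the same session that both take this path would race on the same refresh token and one of them could invalidate the session's credentials — worth confirming against the provider's configuration, since the failure handling after `catch (Exception e)` at the end of that hunk continues outside the hunk. When the token is both scope-changed and expired only the scope message is logged, which is harmless but slightly misleading for anyone tracing token lifetimes. The enclosing method starts and ends outside the section, and the `getAsBearer()` to `getAccessTokenAsBearer()` rename in the third hunk cannot be checked from here.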