Forced refresh of access token when current scope changes #3
|
@ -113,9 +113,11 @@ public class SmartGearsPortalValve extends ValveBase {
|
|||
umaToken = JWTCacheProxy.getInstance().getUMAToken(user, session);
|
||||
}
|
||||
if (umaToken == null || !umaToken.getAud().contains(urlEncodedScope)) {
|
||||
boolean scopeIsChanged = false;
|
||||
if (umaToken == null) {
|
||||
_log.debug("UMA token is null. Getting new one...");
|
||||
} else {
|
||||
scopeIsChanged = true;
|
||||
_log.info("UMA token has been issued for another scope (" + umaToken.getAud()
|
||||
+ "). Getting new one for scope: " + urlEncodedScope);
|
||||
}
|
||||
|
@ -141,8 +143,12 @@ public class SmartGearsPortalValve extends ValveBase {
|
|||
}
|
||||
OpenIdConnectConfiguration configuration = LiferayOpenIdConnectConfiguration.getConfiguration(request);
|
||||
try {
|
||||
if (authToken.isExpired()) {
|
||||
_log.debug("OIDC token is expired, refreshing it");
|
||||
if (scopeIsChanged || authToken.isExpired()) {
|
||||
if (scopeIsChanged) {
|
||||
_log.info("Scope is changed, refreshing token to be sure that new grants are present");
|
||||
} else {
|
||||
_log.debug("OIDC token is expired, refreshing it");
|
||||
}
|
||||
try {
|
||||
authToken = OpenIdConnectRESTHelper.refreshToken(configuration.getTokenURL(), authToken);
|
||||
} catch (Exception e) {
|
||||
|
@ -155,8 +161,8 @@ public class SmartGearsPortalValve extends ValveBase {
|
|||
JWTTokenUtil.putOIDCInSession(authToken, session);
|
||||
}
|
||||
_log.info("Getting UMA token from OIDC endpoint for scope: " + urlEncodedScope);
|
||||
umaToken = OpenIdConnectRESTHelper.queryUMAToken(configuration.getTokenURL(), authToken.getAsBearer(),
|
||||
urlEncodedScope, null);
|
||||
umaToken = OpenIdConnectRESTHelper.queryUMAToken(configuration.getTokenURL(),
|
||||
authToken.getAccessTokenAsBearer(), urlEncodedScope, null);
|
||||
} catch (Exception e) {
|
||||
_log.error("Getting UMA token from server", e);
|
||||
return;
|
||||
|
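Review bot: `scopeIsChanged` is derived from `!umaToken.getAud().contains(urlEncodedScope)` in the first hunk and now also decides whether the OIDC token is refreshed, so the precision of that audience test matters more than before. The return type of `getAud()` is not visible here; if it is a `String`, `contains` is a substring match, and a token whose audience merely contains the requested scope as a substring (for example a longer scope with the same prefix) would be accepted, skipping both the refresh and the new UMA request. An exact comparison, or a membership test on a parsed audience list, would avoid that. In the second hunk the `catch (Exception e)` after `refreshToken(...)` continues outside the hunk: when the refresh was forced by a scope change the old token is still unexpired, so that handler should stop the request rather than continue to `queryUMAToken` with a token that may lack the new grants. A short comment above `if (scopeIsChanged || authToken.isExpired())`, such as `// a scope switch needs a fresh access token so that newly granted roles are included`, would record why an unexpired token is refreshed.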
|