org.forgerock.openam.oauth2

Class OpenAMTokenStore

java.lang.Object

org.forgerock.openam.oauth2.OpenAMTokenStore

All Implemented Interfaces:

TokenStore, OpenIdConnectTokenStore

@Singleton
public class OpenAMTokenStore
extends Object
implements OpenIdConnectTokenStore

Implementation of the OpenId Connect Token Store which the OpenId Connect Provider will implement.

Since:

12.0.0

Field Summary

Fields inherited from interface org.forgerock.oauth2.core.TokenStore

REALM_AGNOSTIC_TOKEN_STORE

Constructor Summary

Constructors

Constructor and Description
OpenAMTokenStore(StatefulTokenStore statefulTokenStore, StatelessTokenStore statelessTokenStore, StatelessCheck<Boolean> statelessCheck)

Method Summary

Modifier and Type	Method and Description
AccessToken	createAccessToken(String grantType, String accessTokenType, String authorizationCode, String resourceOwnerId, String clientId, String redirectUri, Set<String> scope, RefreshToken refreshToken, String nonce, String claims, OAuth2Request request) Creates an Access Token and stores it in the OAuth2 Provider's store.
AccessToken	createAccessToken(String grantType, String accessTokenType, String authorizationCode, String resourceOwnerId, String clientId, String redirectUri, Set<String> scope, RefreshToken refreshToken, String nonce, String claims, OAuth2Request request, long authTime) Creates an Access Token and stores it in the OAuth2 Provider's store.
AuthorizationCode	createAuthorizationCode(Set<String> scope, ResourceOwner resourceOwner, String clientId, String redirectUri, String nonce, OAuth2Request request, String codeChallenge, String codeChallengeMethod) Creates an Authorization Code and stores it in the OAuth2 Provider's store.
DeviceCode	createDeviceCode(Set<String> scope, ResourceOwner resourceOwner, String clientId, String nonce, String responseType, String state, String acrValues, String prompt, String uiLocales, String loginHint, Integer maxAge, String claims, OAuth2Request request, String codeChallenge, String codeChallengeMethod) Creates a new device code token.
OpenIdConnectToken	createOpenIDToken(ResourceOwner resourceOwner, String clientId, String authorizationParty, String nonce, String ops, OAuth2Request request) Creates an OpenId Connect token and stores it in the OpenId Connect Provider's store.
RefreshToken	createRefreshToken(String grantType, String clientId, String resourceOwnerId, String redirectUri, Set<String> scope, OAuth2Request request) Creates a Refresh Token and stores it in the OAuth2 Provider's store.
RefreshToken	createRefreshToken(String grantType, String clientId, String resourceOwnerId, String redirectUri, Set<String> scope, OAuth2Request request, String validatedClaims) Creates a Refresh Token and stores it in the OAuth2 Provider's store.
RefreshToken	createRefreshToken(String grantType, String clientId, String resourceOwnerId, String redirectUri, Set<String> scope, OAuth2Request request, String validatedClaims, long authTime) Creates a Refresh Token and stores it in the OAuth2 Provider's store.
RefreshToken	createRefreshToken(String grantType, String clientId, String resourceOwnerId, String redirectUri, Set<String> scope, OAuth2Request request, String validatedClaims, String authGrantId) Creates a Refresh Token and stores it in the OAuth2 Provider's store.
RefreshToken	createRefreshToken(String grantType, String clientId, String resourceOwnerId, String redirectUri, Set<String> scope, OAuth2Request request, String validatedClaims, String authGrantId, long authTime) Creates a Refresh Token and stores it in the OAuth2 Provider's store.
void	delete(String realm, String tokenId) Deletes the Token from the OAuth2 Provider's store with the specified identifier.
void	deleteAccessToken(OAuth2Request request, String accessTokenId) Deletes an Access Token from the OAuth2 Provider's store.
void	deleteAuthorizationCode(OAuth2Request request, String authorizationCode) Deletes an Authorization Code from the OAuth2 Provider's store.
void	deleteDeviceCode(String clientId, String code, OAuth2Request request) Deletes a device code token.
void	deleteRefreshToken(OAuth2Request request, String refreshTokenId) Deletes a Refresh Token from the OAuth2 Provider's store.
org.forgerock.json.JsonValue	queryForToken(String realm, org.forgerock.util.query.QueryFilter<CoreTokenField> queryFilter) Queries the OAuth2 Provider's store for tokens.
org.forgerock.json.JsonValue	read(String tokenId) Reads the Token from the OAuth2 Provider's store with the specified identifier.
AccessToken	readAccessToken(OAuth2Request request, String tokenId) Reads an Access Token from the OAuth2 Provider's store with the specified identifier.
AuthorizationCode	readAuthorizationCode(OAuth2Request request, String code) Creates an Authorization Code and stores it in the OAuth2 Provider's store.
DeviceCode	readDeviceCode(String userCode, OAuth2Request request) Reads a device code token.
DeviceCode	readDeviceCode(String clientId, String code, OAuth2Request request) Reads a device code token.
RefreshToken	readRefreshToken(OAuth2Request request, String tokenId) Reads a Refresh Token from the OAuth2 Provider's store with the specified identifier.
void	updateAccessToken(OAuth2Request request, AccessToken accessToken) Updates an Access Token.
void	updateAuthorizationCode(OAuth2Request request, AuthorizationCode authorizationCode) Updates an Authorization Code.
void	updateDeviceCode(DeviceCode code, OAuth2Request request) Updates a device code token.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

OpenAMTokenStore

@Inject
public OpenAMTokenStore(StatefulTokenStore statefulTokenStore,
                                StatelessTokenStore statelessTokenStore,
                                StatelessCheck<Boolean> statelessCheck)

Method Detail

createAuthorizationCode

public AuthorizationCode createAuthorizationCode(Set<String> scope,
                                                 ResourceOwner resourceOwner,
                                                 String clientId,
                                                 String redirectUri,
                                                 String nonce,
                                                 OAuth2Request request,
                                                 String codeChallenge,
                                                 String codeChallengeMethod)
                                          throws ServerException,
                                                 NotFoundException

Description copied from interface: TokenStore

Creates an Authorization Code and stores it in the OAuth2 Provider's store.

Specified by:

createAuthorizationCode in interface TokenStore

Parameters:

scope - The requested scope.

resourceOwner - The resource owner.

clientId - The client's id.

redirectUri - The redirect uri.

nonce - The nonce.

request - The OAuth2 request.

Returns:

An AuthorizationCode.

Throws:

ServerException - If any internal server error occurs.

NotFoundException - If the realm does not have an OAuth 2.0 provider service.

createOpenIDToken

public OpenIdConnectToken createOpenIDToken(ResourceOwner resourceOwner,
                                            String clientId,
                                            String authorizationParty,
                                            String nonce,
                                            String ops,
                                            OAuth2Request request)
                                     throws ServerException,
                                            InvalidClientException,
                                            NotFoundException

Description copied from interface: OpenIdConnectTokenStore

Creates an OpenId Connect token and stores it in the OpenId Connect Provider's store.

Specified by:

createOpenIDToken in interface OpenIdConnectTokenStore

Parameters:

resourceOwner - The resource owner.

clientId - The client's id.

authorizationParty - The authorization party.

nonce - The nonce.

ops - The ops.

request - The OAuth2 request.

Returns:

An OpenIdConnectToken.

Throws:

ServerException - If any internal server error occurs.

InvalidClientException - If either the request does not contain the client's id or the client fails to be authenticated.

NotFoundException - If the realm does not have an OAuth 2.0 provider service.

createAccessToken

public AccessToken createAccessToken(String grantType,
                                     String accessTokenType,
                                     String authorizationCode,
                                     String resourceOwnerId,
                                     String clientId,
                                     String redirectUri,
                                     Set<String> scope,
                                     RefreshToken refreshToken,
                                     String nonce,
                                     String claims,
                                     OAuth2Request request)
                              throws ServerException,
                                     NotFoundException

Description copied from interface: TokenStore

Creates an Access Token and stores it in the OAuth2 Provider's store.

Specified by:

createAccessToken in interface TokenStore

Parameters:

grantType - The grant type.

accessTokenType - The access token type.

authorizationCode - The authorization code.

resourceOwnerId - The resource owner's id.

clientId - The client's id.

redirectUri - The redirect uri.

scope - The requested scope.

refreshToken - The refresh token. May be null.

nonce - The nonce.

claims - Additional claims requested (for id_token or userinfo).

request - The OAuth2 request.

Returns:

An Access Token.

Throws:

ServerException - If any internal server error occurs.

NotFoundException - If the realm does not have an OAuth 2.0 provider service.

createAccessToken

public AccessToken createAccessToken(String grantType,
                                     String accessTokenType,
                                     String authorizationCode,
                                     String resourceOwnerId,
                                     String clientId,
                                     String redirectUri,
                                     Set<String> scope,
                                     RefreshToken refreshToken,
                                     String nonce,
                                     String claims,
                                     OAuth2Request request,
                                     long authTime)
                              throws ServerException,
                                     NotFoundException

Description copied from interface: TokenStore

Creates an Access Token and stores it in the OAuth2 Provider's store.

Specified by:

createAccessToken in interface TokenStore

Parameters:

grantType - The grant type.

accessTokenType - The access token type.

authorizationCode - The authorization code.

resourceOwnerId - The resource owner's id.

clientId - The client's id.

redirectUri - The redirect uri.

scope - The requested scope.

refreshToken - The refresh token. May be null.

nonce - The nonce.

claims - Additional claims requested (for id_token or userinfo).

request - The OAuth2 request.

authTime - The end user's authentication time.

Returns:

An Access Token.

Throws:

ServerException - If any internal server error occurs.

NotFoundException - If the realm does not have an OAuth 2.0 provider service.

createRefreshToken

public RefreshToken createRefreshToken(String grantType,
                                       String clientId,
                                       String resourceOwnerId,
                                       String redirectUri,
                                       Set<String> scope,
                                       OAuth2Request request)
                                throws ServerException,
                                       NotFoundException

Description copied from interface: TokenStore

Creates a Refresh Token and stores it in the OAuth2 Provider's store.

Specified by:

createRefreshToken in interface TokenStore

Parameters:

grantType - The OAuth2 Grant Type.

clientId - The client's id.

resourceOwnerId - The resource owner's Id.

redirectUri - The redirect uri.

scope - The requested scope.

request - The OAuth2 request.

Returns:

A RefreshToken

Throws:

ServerException - If any internal server error occurs.

NotFoundException - If the realm does not have an OAuth 2.0 provider service.

createRefreshToken

public RefreshToken createRefreshToken(String grantType,
                                       String clientId,
                                       String resourceOwnerId,
                                       String redirectUri,
                                       Set<String> scope,
                                       OAuth2Request request,
                                       String validatedClaims)
                                throws ServerException,
                                       NotFoundException

Description copied from interface: TokenStore

Creates a Refresh Token and stores it in the OAuth2 Provider's store.

Specified by:

createRefreshToken in interface TokenStore

Parameters:

grantType - The OAuth2 Grant Type.

clientId - The client's id.

resourceOwnerId - The resource owner's Id.

redirectUri - The redirect uri.

scope - The requested scope.

request - The OAuth2 request.

validatedClaims - The validated claims.

Returns:

A RefreshToken

Throws:

ServerException - If any internal server error occurs.

NotFoundException - If the realm does not have an OAuth 2.0 provider service.

createRefreshToken

public RefreshToken createRefreshToken(String grantType,
                                       String clientId,
                                       String resourceOwnerId,
                                       String redirectUri,
                                       Set<String> scope,
                                       OAuth2Request request,
                                       String validatedClaims,
                                       long authTime)
                                throws ServerException,
                                       NotFoundException

Description copied from interface: TokenStore

Creates a Refresh Token and stores it in the OAuth2 Provider's store.

Specified by:

createRefreshToken in interface TokenStore

Parameters:

grantType - The OAuth2 Grant Type.

clientId - The client's id.

resourceOwnerId - The resource owner's Id.

redirectUri - The redirect uri.

scope - The requested scope.

request - The OAuth2 request.

validatedClaims - The validated claims.

authTime - The end user's authentication time.

Returns:

A RefreshToken

Throws:

ServerException - If any internal server error occurs.

NotFoundException - If the realm does not have an OAuth 2.0 provider service.

createRefreshToken

public RefreshToken createRefreshToken(String grantType,
                                       String clientId,
                                       String resourceOwnerId,
                                       String redirectUri,
                                       Set<String> scope,
                                       OAuth2Request request,
                                       String validatedClaims,
                                       String authGrantId)
                                throws ServerException,
                                       NotFoundException

Description copied from interface: TokenStore

Creates a Refresh Token and stores it in the OAuth2 Provider's store.

Specified by:

createRefreshToken in interface TokenStore

Parameters:

grantType - The OAuth2 Grant Type.

clientId - The client's id.

resourceOwnerId - The resource owner's Id.

redirectUri - The redirect uri.

scope - The requested scope.

request - The OAuth2 request.

validatedClaims - The validated claims.

authGrantId - The authorization grant Id.

Returns:

A RefreshToken

Throws:

ServerException - If any internal server error occurs.

NotFoundException - If the realm does not have an OAuth 2.0 provider service.

createRefreshToken

public RefreshToken createRefreshToken(String grantType,
                                       String clientId,
                                       String resourceOwnerId,
                                       String redirectUri,
                                       Set<String> scope,
                                       OAuth2Request request,
                                       String validatedClaims,
                                       String authGrantId,
                                       long authTime)
                                throws ServerException,
                                       NotFoundException

Description copied from interface: TokenStore

Creates a Refresh Token and stores it in the OAuth2 Provider's store.

Specified by:

createRefreshToken in interface TokenStore

Parameters:

grantType - The OAuth2 Grant Type.

clientId - The client's id.

resourceOwnerId - The resource owner's Id.

redirectUri - The redirect uri.

scope - The requested scope.

request - The OAuth2 request.

validatedClaims - The validated claims.

authGrantId - The authorization grant Id.

authTime - The end user's authentication time.

Returns:

A RefreshToken

Throws:

ServerException - If any internal server error occurs.

NotFoundException - If the realm does not have an OAuth 2.0 provider service.

readAuthorizationCode

public AuthorizationCode readAuthorizationCode(OAuth2Request request,
                                               String code)
                                        throws InvalidGrantException,
                                               ServerException,
                                               NotFoundException

Description copied from interface: TokenStore

Creates an Authorization Code and stores it in the OAuth2 Provider's store.

Specified by:

readAuthorizationCode in interface TokenStore

Parameters:

request - The current request.

code - The authorization code identifier.

Returns:

The Authorization Code.

Throws:

InvalidGrantException - If a problem occurs whilst retrieving the Authorization Code or if the read token is not an Authorization Code.

ServerException - If any internal server error occurs.

NotFoundException - If the requested realm does not exist.

updateAuthorizationCode

public void updateAuthorizationCode(OAuth2Request request,
                                    AuthorizationCode authorizationCode)
                             throws NotFoundException,
                                    ServerException

Description copied from interface: TokenStore

Updates an Authorization Code.

Specified by:

updateAuthorizationCode in interface TokenStore

Parameters:

request - The current request.

authorizationCode - The authorization code.

Throws:

NotFoundException - If the requested realm does not exist.

ServerException - If the authorization code could not be updated.

updateAccessToken

public void updateAccessToken(OAuth2Request request,
                              AccessToken accessToken)
                       throws NotFoundException,
                              ServerException

Description copied from interface: TokenStore

Updates an Access Token.

Specified by:

updateAccessToken in interface TokenStore

Parameters:

request - The current request.

accessToken - The access token.

Throws:

NotFoundException - If the requested realm does not exist.

ServerException - If the token could not be updated.

deleteAuthorizationCode

public void deleteAuthorizationCode(OAuth2Request request,
                                    String authorizationCode)
                             throws NotFoundException,
                                    ServerException

Description copied from interface: TokenStore

Deletes an Authorization Code from the OAuth2 Provider's store.

Specified by:

deleteAuthorizationCode in interface TokenStore

Parameters:

request - The current request.

authorizationCode - The authorization code.

Throws:

NotFoundException - If the requested realm does not exist.

ServerException - If the authorization code could not be deleted.

deleteAccessToken

public void deleteAccessToken(OAuth2Request request,
                              String accessTokenId)
                       throws ServerException,
                              NotFoundException

Description copied from interface: TokenStore

Deletes an Access Token from the OAuth2 Provider's store.

Specified by:

deleteAccessToken in interface TokenStore

Parameters:

request - The current request.

accessTokenId - The access token identifier.

Throws:

ServerException - If the token could not be deleted.

NotFoundException - If the requested realm does not exist.

deleteRefreshToken

public void deleteRefreshToken(OAuth2Request request,
                               String refreshTokenId)
                        throws InvalidRequestException,
                               NotFoundException,
                               ServerException

Description copied from interface: TokenStore

Deletes a Refresh Token from the OAuth2 Provider's store.

Specified by:

deleteRefreshToken in interface TokenStore

Parameters:

request - The current request.

refreshTokenId - The refresh token identifier.

Throws:

InvalidRequestException - If the token could not be deleted.

NotFoundException - If the requested realm does not exist.

ServerException - If the token could not be deleted.

readAccessToken

public AccessToken readAccessToken(OAuth2Request request,
                                   String tokenId)
                            throws ServerException,
                                   InvalidGrantException,
                                   NotFoundException

Description copied from interface: TokenStore

Reads an Access Token from the OAuth2 Provider's store with the specified identifier.

Specified by:

readAccessToken in interface TokenStore

Parameters:

request - The current request.

tokenId - The token identifier.

Returns:

The Access Token.

Throws:

ServerException - If the token could not be read by the server.

InvalidGrantException - If the token is not an Access Token.

NotFoundException - If the requested realm does not exist.

readRefreshToken

public RefreshToken readRefreshToken(OAuth2Request request,
                                     String tokenId)
                              throws ServerException,
                                     InvalidGrantException,
                                     NotFoundException

Description copied from interface: TokenStore

Reads a Refresh Token from the OAuth2 Provider's store with the specified identifier.

Specified by:

readRefreshToken in interface TokenStore

Parameters:

request - The current request.

tokenId - The token identifier.

Returns:

The Refresh Token.

Throws:

ServerException - If the token could not be read by the server.

InvalidGrantException - If the token is not a Refresh Token.

NotFoundException - If the requested realm does not exist.

createDeviceCode

public DeviceCode createDeviceCode(Set<String> scope,
                                   ResourceOwner resourceOwner,
                                   String clientId,
                                   String nonce,
                                   String responseType,
                                   String state,
                                   String acrValues,
                                   String prompt,
                                   String uiLocales,
                                   String loginHint,
                                   Integer maxAge,
                                   String claims,
                                   OAuth2Request request,
                                   String codeChallenge,
                                   String codeChallengeMethod)
                            throws ServerException,
                                   NotFoundException

Description copied from interface: TokenStore

Creates a new device code token.

Specified by:

createDeviceCode in interface TokenStore

Parameters:

scope - The scope of the requested access token.

resourceOwner - The resource owner ID.

clientId - The client ID.

nonce - The nonce for the ID token.

responseType - The response type string.

state - The client-side state token.

acrValues - The requested ACR values.

prompt - The prompt request parameter.

uiLocales - The ui_locales request parameter.

loginHint - The login_hint request parameter.

maxAge - The max_age request parameter.

claims - The claims request parameter for ID token claims.

request - The request.

codeChallenge - The submitted code challenge.

codeChallengeMethod - The code challenge method.

Returns:

The created device code object.

Throws:

ServerException - If there was an error in constructing the code.

NotFoundException - If the realm does not have an OAuth2Provider configured.

readDeviceCode

public DeviceCode readDeviceCode(String clientId,
                                 String code,
                                 OAuth2Request request)
                          throws ServerException,
                                 NotFoundException,
                                 InvalidGrantException

Description copied from interface: TokenStore

Reads a device code token.

Specified by:

readDeviceCode in interface TokenStore

Parameters:

clientId - The client ID.

code - The device code.

request - The request.

Returns:

The device code object.

Throws:

ServerException - If there was an error in constructing the code.

NotFoundException - If the realm does not have an OAuth2Provider configured.

InvalidGrantException

readDeviceCode

public DeviceCode readDeviceCode(String userCode,
                                 OAuth2Request request)
                          throws ServerException,
                                 NotFoundException,
                                 InvalidGrantException

Description copied from interface: TokenStore

Reads a device code token.

Specified by:

readDeviceCode in interface TokenStore

Parameters:

userCode - The device code's user code.

request - The request.

Returns:

The device code object.

Throws:

ServerException - If there was an error in constructing the code.

NotFoundException - If the realm does not have an OAuth2Provider configured.

InvalidGrantException

updateDeviceCode

public void updateDeviceCode(DeviceCode code,
                             OAuth2Request request)
                      throws ServerException,
                             NotFoundException,
                             InvalidGrantException

Description copied from interface: TokenStore

Updates a device code token.

Specified by:

updateDeviceCode in interface TokenStore

Parameters:

code - The device code object.

request - The request.

Throws:

ServerException - If there was an error in constructing the code.

NotFoundException - If the realm does not have an OAuth2Provider configured.

InvalidGrantException

deleteDeviceCode

public void deleteDeviceCode(String clientId,
                             String code,
                             OAuth2Request request)
                      throws ServerException,
                             NotFoundException,
                             InvalidGrantException

Description copied from interface: TokenStore

Deletes a device code token.

Specified by:

deleteDeviceCode in interface TokenStore

Parameters:

clientId - The client ID.

code - The device code.

request - The request.

Throws:

ServerException - If there was an error in constructing the code.

NotFoundException - If the realm does not have an OAuth2Provider configured.

InvalidGrantException

queryForToken

public org.forgerock.json.JsonValue queryForToken(String realm,
                                                  org.forgerock.util.query.QueryFilter<CoreTokenField> queryFilter)
                                           throws ServerException,
                                                  NotFoundException

Description copied from interface: TokenStore

Queries the OAuth2 Provider's store for tokens.

Specified by:

queryForToken in interface TokenStore

Parameters:

realm - The Realm.

queryFilter - The query keyed by auth grant id, client id and resource owner.

Returns:

A JsonValue of the query results.

Throws:

ServerException - If there was an error in reading the token using the id.

NotFoundException - If the realm does not have an OAuth2Provider configured.

delete

public void delete(String realm,
                   String tokenId)
            throws ServerException,
                   NotFoundException

Description copied from interface: TokenStore

Deletes the Token from the OAuth2 Provider's store with the specified identifier.

Specified by:

delete in interface TokenStore

Parameters:

realm - The Realm

tokenId - The token ID

Throws:

ServerException - If there was an error in reading the token using the id.

NotFoundException - If the realm does not have an OAuth2Provider configured.

read

public org.forgerock.json.JsonValue read(String tokenId)
                                  throws ServerException,
                                         NotFoundException

Description copied from interface: TokenStore

Reads the Token from the OAuth2 Provider's store with the specified identifier.

Specified by:

read in interface TokenStore

Parameters:

tokenId - The token ID

Returns:

A JsonValue of the token. May be null if the token is not found.

Throws:

ServerException - If there was an error in reading the token using the id.

NotFoundException - If the realm does not have an OAuth2Provider configured.