Skip to content

Commit

Permalink
OAuth2 device code authorization time to refresh_token (#679)
Browse files Browse the repository at this point in the history
  • Loading branch information
@maximthomas
maximthomas authored Nov 21, 2023
1 parent 3ccad3a commit ce11cde
Show file tree
Hide file tree
Showing 2 changed files with 15 additions and 0 deletions.
7 changes: 7 additions & 0 deletions openam-oauth2/src/main/java/org/forgerock/oauth2/core/DeviceCode.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,9 +22,12 @@
import static org.forgerock.openam.utils.Time.*;

import java.util.Collections;
import java.util.Date;
import java.util.Map;
import java.util.Set;

import com.sun.identity.authentication.util.ISAuthConstants;
import com.sun.identity.shared.DateUtils;
import org.forgerock.json.JsonValue;
import org.forgerock.oauth2.core.exceptions.InvalidGrantException;
import org.forgerock.oauth2.core.exceptions.ServerException;
Expand Down Expand Up @@ -324,6 +327,10 @@ private void setStringProperty(String key, String value) {
}

public void setAuthorized(boolean authorized) {
Date authInstantDate = newDate();
String authInstant = DateUtils.toUTCDateFormat(authInstantDate);
setStringProperty(ISAuthConstants.AUTH_INSTANT, authInstant);

setStringProperty("AUTHORIZED", Boolean.toString(authorized));
}

Expand Down
8 changes: 8 additions & 0 deletions openam-oauth2/src/main/java/org/forgerock/oauth2/core/GrantTypeAccessTokenGenerator.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -52,6 +52,7 @@ public AccessToken generateAccessToken(OAuth2ProviderSettings providerSettings,
//retrieve end user's original authenticated time from session
long authTime = 0;
AuthorizationCode authCode = request.getToken(AuthorizationCode.class);
DeviceCode deviceCode = request.getToken(DeviceCode.class);
if (authCode != null) {
String sessionId = authCode.getSessionId();
if (StringUtils.isNotBlank(sessionId)) {
Expand All @@ -63,7 +64,14 @@ public AccessToken generateAccessToken(OAuth2ProviderSettings providerSettings,
logger.error("Error retrieving session from AuthorizationCode", e);
}
}
} else if (deviceCode != null) {
try {
authTime = stringToDate(deviceCode.getStringProperty(ISAuthConstants.AUTH_INSTANT)).getTime();
} catch (ParseException e) {
logger.error("Error retrieving session from DeviceCode", e);
}
}

RefreshToken refreshToken = null;
if (providerSettings.issueRefreshTokens()) {
refreshToken = tokenStore.createRefreshToken(grantType, clientId,
Expand Down

0 comments on commit ce11cde

Please sign in to comment.