Commit 63afad43 authored by femiadeyemi's avatar femiadeyemi

enable access to aai refresh token

Motivation:

Each time an AAI access token is needed, we need to authenticate
again to obtain a new access token. However, this is not necessary,
since we can use the refresh token, provided one is available,
to obtain a new access_token.

Modification:

- initialise OAuth2AuthorizedClientService by using constructor
    instead of autowiring
- add a GET controller and a link that can be use to get the
    refresh token
- add to the list of scope `offline_access` to request for the
    refresh token from the auth server (that is Helmholtz AAI server).

Result:

Refresh token can now be obtain

Target: master
Review-at: https://gitlab.hzdr.de/hifis-technical-platform/helmholtz-marketplace-server/-/merge_requests/12
parent 2d3bce58
Pipeline #42603 passed with stages
in 7 minutes and 22 seconds
package de.helmholtz.marketplace.webappserver.controller;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
......@@ -15,18 +13,29 @@ import javax.servlet.http.HttpServletRequest;
@RestController
public class UtilityController
{
@Autowired
private OAuth2AuthorizedClientService authorizedClientService;
private final OAuth2AuthorizedClientService authorizedClientService;
private final ObjectMapper mapper = new ObjectMapper();
public UtilityController(OAuth2AuthorizedClientService authorizedClientService) {
this.authorizedClientService = authorizedClientService;
}
@GetMapping("/token")
public JsonNode getBearerToken(
OAuth2AuthenticationToken authentication) throws JsonProcessingException {
OAuth2AuthenticationToken authentication) {
OAuth2AuthorizedClient client = authorizedClientService.loadAuthorizedClient(
authentication.getAuthorizedClientRegistrationId(), authentication.getName());
ObjectMapper mapper = new ObjectMapper();
return mapper.convertValue(client.getAccessToken(), JsonNode.class);
}
@GetMapping("/refresh-token")
public JsonNode getRefreshToken(
OAuth2AuthenticationToken authentication) {
OAuth2AuthorizedClient client = authorizedClientService.loadAuthorizedClient(
authentication.getAuthorizedClientRegistrationId(), authentication.getName());
return mapper.convertValue(client.getRefreshToken(), JsonNode.class);
}
@GetMapping("/error")
@ResponseBody
public String error(HttpServletRequest request) {
......
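Review bot: `getRefreshToken` returns the AAI refresh token in the body of a GET response, so a long-lived credential leaves the server-side authorized-client store and reaches the browser, where it outlives the session and is readable by any script running in the page. The motivation in the commit message (avoid re-authenticating for each access token) can be met without that: let the server use the stored refresh token itself, for example through an `OAuth2AuthorizedClientManager` configured with the `refreshToken()` provider, and keep `/token` returning only the access token. If the endpoint stays, it needs a guard, since `loadAuthorizedClient` can return null and `getRefreshToken()` is null when the server issued none: `if (client == null || client.getRefreshToken() == null) throw new ResponseStatusException(HttpStatus.NOT_FOUND);`. The same null dereference on `client` applies to `getBearerToken` above it. Whether `/refresh-token` is restricted to authenticated users cannot be told from here, as the security configuration is outside this section.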
......@@ -21,6 +21,7 @@ spring:
authorization-grant-type: authorization_code
redirect-uri: "{baseUrl}/login/oauth2/code/unity"
scope:
- offline_access
- credentials
- profile
- email
......
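Review bot: The new `offline_access` entry under `scope` has no comment, and it changes what every login asks the Helmholtz AAI server for: a refresh token is now requested for all users, whether or not they ever use it. A line such as `# offline_access: requests a refresh token from Helmholtz AAI; long-lived, keep it server-side` above the entry would record the intent. How the resulting tokens are stored depends on the `OAuth2AuthorizedClientService` bean, which is not visible in this section, so it is worth confirming that its storage is appropriate for long-lived credentials.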
......@@ -11,6 +11,9 @@
<div>
<a href="/token">get token</a>
</div>
<div>
<a href="/refresh-token">get refresh token</a>
</div>
<div>
<a href="/csrf">csrf</a>
</div>
......