Skip to content

Commit

Permalink
AUT-1735 Add representee.* scope option when logging in and optional …
Browse files Browse the repository at this point in the history
…scope input when refreshing govsso session
  • Loading branch information
Marten332 committed Apr 2, 2024
1 parent 49d68a4 commit 19daddc
Show file tree
Hide file tree
Showing 5 changed files with 34 additions and 7 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -67,6 +67,9 @@ private RequestEntity<?> toRequestEntity(Request request) {
MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
params.add(OAuth2ParameterNames.GRANT_TYPE, AuthorizationGrantType.REFRESH_TOKEN.getValue());
params.add(OAuth2ParameterNames.REFRESH_TOKEN, request.getOAuth2RefreshToken().getTokenValue());
if (request.getScope() != null) {
params.add(OAuth2ParameterNames.SCOPE, request.getScope());
}

HttpHeaders headers = new HttpHeaders();
headers.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON));
Expand All @@ -90,10 +93,12 @@ private RequestEntity<?> toRequestEntity(Request request) {
public static class Request extends AbstractOAuth2AuthorizationGrantRequest {

private final OAuth2RefreshToken oAuth2RefreshToken;
private final String scope;

public Request(ClientRegistration clientRegistration, OAuth2RefreshToken oAuth2RefreshToken) {
public Request(ClientRegistration clientRegistration, OAuth2RefreshToken oAuth2RefreshToken, String scope) {
super(AuthorizationGrantType.REFRESH_TOKEN, clientRegistration);
this.oAuth2RefreshToken = oAuth2RefreshToken;
this.scope = scope;
}
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -70,14 +70,14 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
return;
}
try {
handleRefresh(response);
handleRefresh(response, request.getParameter("scope"));
} catch (Exception e) {
log.error("Refresh token request failed", e);
response.setStatus(HttpServletResponse.SC_FORBIDDEN);
}
}

private void handleRefresh(HttpServletResponse response) throws IOException {
private void handleRefresh(HttpServletResponse response, String scope) throws IOException {
Authentication previousAuthentication =
SecurityContextHolder.getContext().getAuthentication();
if (!(previousAuthentication instanceof GovssoAuthentication previousGovssoAuthentication)) {
Expand All @@ -94,7 +94,7 @@ private void handleRefresh(HttpServletResponse response) throws IOException {
ClientRegistration clientRegistration =
clientRegistrationRepository.findByRegistrationId(GOVSSO_REGISTRATION_ID);
OAuth2AccessTokenResponse tokenResponse =
performRefreshTokenGrantRequest(clientRegistration, previousGovssoAuthentication.getRefreshToken());
performRefreshTokenGrantRequest(clientRegistration, previousGovssoAuthentication.getRefreshToken(), scope);
GovssoAuthentication newAuthToken =
createNewAuthentication(clientRegistration, tokenResponse);
SecurityContextHolder.getContext().setAuthentication(newAuthToken);
Expand Down Expand Up @@ -135,10 +135,12 @@ private void writeResponse(HttpServletResponse response, OidcIdToken idToken, St

private OAuth2AccessTokenResponse performRefreshTokenGrantRequest(
ClientRegistration clientRegistration,
OAuth2RefreshToken refreshToken) {
OAuth2RefreshToken refreshToken,
String scope) {
GovssoRefreshTokenTokenResponseClient.Request tokenRequest = new GovssoRefreshTokenTokenResponseClient.Request(
clientRegistration,
refreshToken);
refreshToken,
scope);
return refreshTokenResponseClient.getTokenResponse(tokenRequest);
}

Expand Down
6 changes: 5 additions & 1 deletion src/main/resources/static/scripts/govsso-session-update.js
Original file line number Diff line number Diff line change
Expand Up @@ -35,8 +35,12 @@ function updateGovSsoSession() {
$('#updateButton').prop('disabled',true);
const csrfToken = $('meta[name="_csrf"]').attr('content');
const csrfHeader = $('meta[name="_csrf_header"]').attr('content');
var scope = '';
if ($('#scope').val()) {
scope = '?scope=' + encodeURIComponent($('#scope').val());
}
(async () => {
await fetch('/oauth2/refresh/govsso', {
await fetch('/oauth2/refresh/govsso' + scope, {
method: 'POST',
headers: {
[csrfHeader]: csrfToken,
Expand Down
9 changes: 9 additions & 0 deletions src/main/resources/templates/dashboard.html
Original file line number Diff line number Diff line change
Expand Up @@ -59,6 +59,15 @@ <h1 class="h2">Dashboard</h1>
Update GovSSO session
</button>
</div>
<div th:if="${authentication_provider == 'govsso'}"
class="d-flex justify-content-between flex-wrap flex-md-nowrap align-items-center mb-2 mb-md-0">
<div class="mx-2">
<span>scopes: </span>
</div>
<div>
<input class="form-control form-control-sm" type="text" id="scope" name="scope"/>
</div>
</div>
</div>
</div>
<div class="card mb-2">
Expand Down
7 changes: 7 additions & 0 deletions src/main/resources/templates/loginView.html
Original file line number Diff line number Diff line change
Expand Up @@ -148,6 +148,13 @@ <h4>Authentication Request</h4>
phone
</label>
</div>
<div class="form-check" th:if="${authentication_provider == 'govsso'}">
<input class="form-check-input" type="checkbox" id="authScopeRepresentee"
name="scope" value="representee.*"/>
<label class="form-check-label" for="authScopeRepresentee">
representee.*
</label>
</div>
<div class="form-row">
<div class="col-sm-3">
<input class="form-control form-control-sm" type="text" id="authScopeCustom"
Expand Down

0 comments on commit 19daddc

Please sign in to comment.