diff --git a/src/main/java/ee/ria/govsso/client/govsso/configuration/GovssoRefreshTokenTokenResponseClient.java b/src/main/java/ee/ria/govsso/client/govsso/configuration/GovssoRefreshTokenTokenResponseClient.java
index 958554f..89c1a4a 100644
--- a/src/main/java/ee/ria/govsso/client/govsso/configuration/GovssoRefreshTokenTokenResponseClient.java
+++ b/src/main/java/ee/ria/govsso/client/govsso/configuration/GovssoRefreshTokenTokenResponseClient.java
@@ -67,6 +67,9 @@ private RequestEntity toRequestEntity(Request request) {
 MultiValueMap params = new LinkedMultiValueMap<>();
 params.add(OAuth2ParameterNames.GRANT_TYPE, AuthorizationGrantType.REFRESH_TOKEN.getValue());
 params.add(OAuth2ParameterNames.REFRESH_TOKEN, request.getOAuth2RefreshToken().getTokenValue());
+ if (request.getScope() != null) {
+ params.add(OAuth2ParameterNames.SCOPE, request.getScope());
+ }
 
 HttpHeaders headers = new HttpHeaders();
 headers.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON));
@@ -90,10 +93,12 @@ private RequestEntity toRequestEntity(Request request) {
 public static class Request extends AbstractOAuth2AuthorizationGrantRequest {
 
 private final OAuth2RefreshToken oAuth2RefreshToken;
+ private final String scope;
 
- public Request(ClientRegistration clientRegistration, OAuth2RefreshToken oAuth2RefreshToken) {
+ public Request(ClientRegistration clientRegistration, OAuth2RefreshToken oAuth2RefreshToken, String scope) {
 super(AuthorizationGrantType.REFRESH_TOKEN, clientRegistration);
 this.oAuth2RefreshToken = oAuth2RefreshToken;
+ this.scope = scope;
 }
 }
 
diff --git a/src/main/java/ee/ria/govsso/client/govsso/filter/GovssoRefreshTokenFilter.java b/src/main/java/ee/ria/govsso/client/govsso/filter/GovssoRefreshTokenFilter.java
index 346efbf..3c7a341 100644
--- a/src/main/java/ee/ria/govsso/client/govsso/filter/GovssoRefreshTokenFilter.java
+++ b/src/main/java/ee/ria/govsso/client/govsso/filter/GovssoRefreshTokenFilter.java
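Review bot: The new `if (request.getScope() != null)` guard in toRequestEntity still sends an empty `scope=` parameter when the caller passes "" (a servlet `getParameter` yields "" for a bare `?scope=`), so the check should be `if (request.getScope() != null && !request.getScope().isBlank())`. The second hunk adds the `scope` field to `Request` without documenting what it holds; a Javadoc such as `/** Space-delimited scope subset to request for the refreshed token; null omits the parameter (RFC 6749 §6). */` would state the contract, and the `getScope()` accessor the first hunk relies on is not in the hunk, so it is presumably generated elsewhere in the class. Spring's own OAuth2RefreshTokenGrantRequest models this as a `Set<String>`; keeping a raw String here means whatever the caller supplies is forwarded unparsed to the token endpoint, so any validation has to happen in the caller.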
@@ -70,14 +70,14 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
 return;
 }
 try {
- handleRefresh(response);
+ handleRefresh(response, request.getParameter("scope"));
 } catch (Exception e) {
 log.error("Refresh token request failed", e);
 response.setStatus(HttpServletResponse.SC_FORBIDDEN);
 }
 }
 
- private void handleRefresh(HttpServletResponse response) throws IOException {
+ private void handleRefresh(HttpServletResponse response, String scope) throws IOException {
 Authentication previousAuthentication = SecurityContextHolder.getContext().getAuthentication();
 
 if (!(previousAuthentication instanceof GovssoAuthentication previousGovssoAuthentication)) {
@@ -94,7 +94,7 @@ private void handleRefresh(HttpServletResponse response) throws IOException {
 
 ClientRegistration clientRegistration = clientRegistrationRepository.findByRegistrationId(GOVSSO_REGISTRATION_ID);
 OAuth2AccessTokenResponse tokenResponse =
- performRefreshTokenGrantRequest(clientRegistration, previousGovssoAuthentication.getRefreshToken());
+ performRefreshTokenGrantRequest(clientRegistration, previousGovssoAuthentication.getRefreshToken(), scope);
 GovssoAuthentication newAuthToken = createNewAuthentication(clientRegistration, tokenResponse);
 SecurityContextHolder.getContext().setAuthentication(newAuthToken);
 
@@ -135,10 +135,12 @@ private void writeResponse(HttpServletResponse response, OidcIdToken idToken, St
 
 private OAuth2AccessTokenResponse performRefreshTokenGrantRequest(
 ClientRegistration clientRegistration,
- OAuth2RefreshToken refreshToken) {
+ OAuth2RefreshToken refreshToken,
+ String scope) {
 GovssoRefreshTokenTokenResponseClient.Request tokenRequest = new GovssoRefreshTokenTokenResponseClient.Request(
 clientRegistration,
- refreshToken);
+ refreshToken,
+ scope);
 return refreshTokenResponseClient.getTokenResponse(tokenRequest);
 }
 
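Review bot: `request.getParameter("scope")` in doFilterInternal is user-controlled input that the first hunk hands straight to handleRefresh and, through the third hunk, to the token endpoint with no validation, so any string typed into the dashboard becomes the scope parameter of the refresh-token grant. The authorization server is expected to reject scopes outside the original grant, but the client should fail fast with a 400 instead of the generic 403 plus logged stack trace, so after `clientRegistrationRepository.findByRegistrationId(...)` in the second hunk validate the requested scope tokens against `clientRegistration.getScopes()` before calling performRefreshTokenGrantRequest. Also confirm that createNewAuthentication (outside the hunk) takes the granted scopes from `tokenResponse.getAccessToken().getScopes()` rather than carrying over the previous authentication's, since a narrowed scope must be reflected in the new session. handleRefresh's body continues outside the second hunk, and the sketch below assumes the method can return after setting a status as the instanceof branch above appears to.
```java
ClientRegistration clientRegistration = clientRegistrationRepository.findByRegistrationId(GOVSSO_REGISTRATION_ID);
if (scope != null && !isRequestableScope(scope, clientRegistration)) {
    response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
    return;
}
// … unchanged: token request, createNewAuthentication, setAuthentication …

/** A requested scope string is acceptable only if every token in it is a scope this client is registered for. */
private static boolean isRequestableScope(String scope, ClientRegistration clientRegistration) {
    Set<String> registered = clientRegistration.getScopes();
    return Arrays.stream(scope.trim().split("\\s+")).allMatch(registered::contains);
}
```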
diff --git a/src/main/resources/static/scripts/govsso-session-update.js b/src/main/resources/static/scripts/govsso-session-update.js
index ac70b96..06e73ba 100644
--- a/src/main/resources/static/scripts/govsso-session-update.js
+++ b/src/main/resources/static/scripts/govsso-session-update.js
@@ -35,8 +35,12 @@ function updateGovSsoSession() {
 $('#updateButton').prop('disabled',true);
 const csrfToken = $('meta[name="_csrf"]').attr('content');
 const csrfHeader = $('meta[name="_csrf_header"]').attr('content');
+ var scope = '';
+ if ($('#scope').val()) {
+ scope = '?scope=' + encodeURIComponent($('#scope').val());
+ }
 (async () => {
- await fetch('/oauth2/refresh/govsso', {
+ await fetch('/oauth2/refresh/govsso' + scope, {
 method: 'POST',
 headers: {
 [csrfHeader]: csrfToken,
diff --git a/src/main/resources/templates/dashboard.html b/src/main/resources/templates/dashboard.html
index 76baf93..053ff8c 100644
--- a/src/main/resources/templates/dashboard.html
+++ b/src/main/resources/templates/dashboard.html
@@ -59,6 +59,15 @@
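Review bot: The new block reads `$('#scope').val()` twice and introduces `var` into a function whose neighbouring lines use `const`; `const scopeValue = $('#scope').val();` followed by `const scope = scopeValue ? '?scope=' + encodeURIComponent(scopeValue) : '';` does the same in the file's own style. encodeURIComponent is the right escaping for a query value, so user input cannot break the URL, but putting it on the query string of a POST means it also lands in server and proxy access logs; since the server side in this commit reads it with getParameter, which also accepts a body parameter, sending it in the form body would keep it out of URL logs — a minor point, as scope names are not secrets. updateGovSsoSession continues outside the hunk.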

Dashboard

Update GovSSO session +
+
+ scopes: +
+
+ +
+
diff --git a/src/main/resources/templates/loginView.html b/src/main/resources/templates/loginView.html
index 259000a..136530c 100644
--- a/src/main/resources/templates/loginView.html
+++ b/src/main/resources/templates/loginView.html
@@ -148,6 +148,13 @@

Authentication Request

phone
+
+ + +