JWK for Auth0 (and probably enough for Okta too)
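/**
 * Access-token converter whose principal is read from a configurable JWT claim
 * (for example the {@code nickname} claim) instead of the superclass default.
 *
 * <p>Only the user-authentication part is customised; everything else is inherited
 * from {@link DefaultAccessTokenConverter}. Signature and expiry are NOT checked
 * here — the token store / token services that call
 * {@link #extractAuthentication(Map)} are responsible for that.
 */
public class ConfigurableAccessTokenConverter extends DefaultAccessTokenConverter {

    /**
     * @param usernameAttributeKey name of the claim that holds the principal
     * @throws NullPointerException if {@code usernameAttributeKey} is null
     */
    public ConfigurableAccessTokenConverter(String usernameAttributeKey) {
        super();
        setUserTokenConverter(new ClaimUserAuthenticationConverter(
                java.util.Objects.requireNonNull(usernameAttributeKey, "usernameAttributeKey")));
    }

    /**
     * User-authentication converter that takes the principal from a named claim.
     * A static nested class (rather than an anonymous one) so it carries no hidden
     * reference to the enclosing converter.
     */
    private static final class ClaimUserAuthenticationConverter extends DefaultUserAuthenticationConverter {

        private final String usernameAttributeKey;

        ClaimUserAuthenticationConverter(String usernameAttributeKey) {
            this.usernameAttributeKey = usernameAttributeKey;
        }

        /**
         * Builds an authenticated token from the claims map.
         *
         * @param map the token claims
         * @return an authenticated {@link UsernamePasswordAuthenticationToken} whose
         *     principal is the raw claim value, or {@code null} when the principal
         *     claim is absent
         * @throws IllegalArgumentException if the authorities claim is missing or malformed
         */
        @Override
        public Authentication extractAuthentication(Map<String, ?> map) {
            if (!map.containsKey(usernameAttributeKey)) {
                // NOTE(review): returning null does not by itself reject the token; what the
                // enclosing DefaultAccessTokenConverter does with a null user authentication is
                // decided outside this file — confirm it cannot yield a usable client-only
                // authentication for a token that lacks the principal claim.
                return null;
            }
            Object principal = map.get(usernameAttributeKey);
            // "N/A" stands in for credentials: the token itself was verified upstream.
            return new UsernamePasswordAuthenticationToken(principal, "N/A", getAuthorities(map));
        }

        /**
         * Reads the authorities claim, accepting either a comma-separated string or a
         * collection. A token without the claim is rejected (fail closed) rather than
         * treated as an unprivileged user, with a message that says which case it was.
         *
         * @throws IllegalArgumentException if the claim is absent or of an unsupported type
         */
        private Collection<? extends GrantedAuthority> getAuthorities(Map<String, ?> map) {
            if (!map.containsKey(AUTHORITIES)) {
                throw new IllegalArgumentException("Token has no '" + AUTHORITIES + "' claim");
            }
            Object authorities = map.get(AUTHORITIES);
            if (authorities instanceof String) {
                return AuthorityUtils.commaSeparatedStringToAuthorityList((String) authorities);
            }
            if (authorities instanceof Collection) {
                return AuthorityUtils.commaSeparatedStringToAuthorityList(
                        StringUtils.collectionToCommaDelimitedString((Collection<?>) authorities));
            }
            throw new IllegalArgumentException("Authorities must be either a String or a Collection");
        }
    }
}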
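/**
 * Token services for JWK-verified JWTs that build the {@link OAuth2Authentication}
 * from the token's claims with a {@link ConfigurableAccessTokenConverter} instead of
 * looking the authentication up in the token store.
 *
 * <p>Signature verification and expiry are delegated to the supplied {@link TokenStore}:
 * {@link #loadAuthentication(String)} only accepts a token the store could read and
 * that is not expired.
 */
public class ConfigurableJwkTokenServices extends DefaultTokenServices {

    // Kept locally because the superclass only offers a setter for its store.
    private final TokenStore tokenStore;
    // The converter defined alongside this class in this file (was referenced under
    // another name before, which does not exist here).
    private final ConfigurableAccessTokenConverter tokenConverter;

    /**
     * @param tokenStore store that parses and verifies the raw token
     * @param usernameAttributeKey claim holding the principal
     * @throws NullPointerException if {@code tokenStore} is null
     */
    public ConfigurableJwkTokenServices(TokenStore tokenStore, String usernameAttributeKey) {
        super.setTokenStore(java.util.Objects.requireNonNull(tokenStore, "tokenStore"));
        this.tokenStore = tokenStore;
        this.tokenConverter = new ConfigurableAccessTokenConverter(usernameAttributeKey);
    }

    /**
     * Resolves a bearer token to an authentication.
     *
     * @param accessTokenValue the raw token as presented by the client
     * @return the authentication extracted from the token claims
     * @throws InvalidTokenException if the store cannot read the token, the token is
     *     expired, or no authentication can be extracted from it
     */
    @Override
    public OAuth2Authentication loadAuthentication(String accessTokenValue)
            throws AuthenticationException, InvalidTokenException {
        OAuth2AccessToken accessToken = tokenStore.readAccessToken(accessTokenValue);
        // NOTE(review): the messages below echo the raw token value; that value then
        // surfaces in the error response and very likely in logs. Consider omitting it.
        if (accessToken == null) {
            throw new InvalidTokenException("Invalid access token: " + accessTokenValue);
        }
        if (accessToken.isExpired()) {
            tokenStore.removeAccessToken(accessToken);
            throw new InvalidTokenException("Access token expired: " + accessTokenValue);
        }
        OAuth2Authentication result = readAuthentication(accessToken);
        if (result == null) {
            // Kept from the original (where it guarded a store race); also covers the
            // converter returning nothing for this token.
            throw new InvalidTokenException("Invalid access token: " + accessTokenValue);
        }
        return result;
    }

    /**
     * Builds the authentication from the token's additional information — presumably
     * the decoded claims when the store is JWK-backed; verify against the store in use.
     *
     * @param token a token already read (and therefore verified) by the store
     * @return the authentication the converter derives from the token's claims
     */
    public OAuth2Authentication readAuthentication(OAuth2AccessToken token) {
        return tokenConverter.extractAuthentication(token.getAdditionalInformation());
    }
}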
/**
 * Registers a {@link ConfigurableJwkTokenServices} as the primary token services bean,
 * resolving the principal from the {@code nickname} claim.
 */
@Configuration
protected static class JwkTokenStoreConfiguration {

    /** Claim used as the principal for tokens handled by this configuration. */
    private static final String USERNAME_ATTRIBUTE_KEY = "nickname";

    // Injected and retained, but not read anywhere in this class.
    private final ResourceServerProperties resource;

    public JwkTokenStoreConfiguration(ResourceServerProperties resource) {
        this.resource = resource;
    }

    /**
     * @param jwkTokenStore the token store bean the services are backed by
     * @return the primary {@link DefaultTokenServices} for this resource server
     */
    @Primary
    @Bean
    public DefaultTokenServices jwkTokenServices(TokenStore jwkTokenStore) {
        return new ConfigurableJwkTokenServices(jwkTokenStore, USERNAME_ATTRIBUTE_KEY);
    }
}