/* * Copyright 2025 Hirokazu Kobayashi * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.idp.server.core.openid.token.handler.token; import java.util.Map; import org.idp.server.core.openid.grant_management.AuthorizationGrantedRepository; import org.idp.server.core.openid.oauth.clientauthenticator.ClientAuthenticationHandler; import org.idp.server.core.openid.oauth.clientauthenticator.clientcredentials.ClientCredentials; import org.idp.server.core.openid.oauth.configuration.AuthorizationServerConfiguration; import org.idp.server.core.openid.oauth.configuration.AuthorizationServerConfigurationQueryRepository; import org.idp.server.core.openid.oauth.configuration.client.ClientConfiguration; import org.idp.server.core.openid.oauth.configuration.client.ClientConfigurationQueryRepository; import org.idp.server.core.openid.oauth.repository.AuthorizationCodeGrantRepository; import org.idp.server.core.openid.oauth.repository.AuthorizationRequestRepository; import org.idp.server.core.openid.oauth.type.extension.CustomProperties; import org.idp.server.core.openid.oauth.type.mtls.ClientCert; import org.idp.server.core.openid.oauth.type.oauth.ClientSecretBasic; import org.idp.server.core.openid.oauth.type.oauth.GrantType; import org.idp.server.core.openid.oauth.type.oauth.RequestedClientId; import org.idp.server.core.openid.token.JwtBearerUserFindingDelegate; import org.idp.server.core.openid.token.OAuthToken; import org.idp.server.core.openid.token.PasswordCredentialsGrantDelegate; import org.idp.server.core.openid.token.TokenRequestContext; import org.idp.server.core.openid.token.TokenRequestParameters; import org.idp.server.core.openid.token.TokenUserFindingDelegate; import org.idp.server.core.openid.token.handler.token.io.TokenRequest; import org.idp.server.core.openid.token.handler.token.io.TokenRequestResponse; import org.idp.server.core.openid.token.handler.token.io.TokenRequestStatus; import org.idp.server.core.openid.token.repository.OAuthTokenCommandRepository; import org.idp.server.core.openid.token.repository.OAuthTokenQueryRepository; import org.idp.server.core.openid.token.service.*; import org.idp.server.core.openid.token.validator.TokenRequestValidator; import org.idp.server.platform.log.LoggerWrapper; import org.idp.server.platform.multi_tenancy.tenant.Tenant; public class TokenRequestHandler { LoggerWrapper log = LoggerWrapper.getLogger(TokenRequestHandler.class); OAuthTokenCreationServices oAuthTokenCreationServices; ClientAuthenticationHandler clientAuthenticationHandler; OAuthTokenCommandRepository oAuthTokenCommandRepository; AuthorizationServerConfigurationQueryRepository authorizationServerConfigurationQueryRepository; ClientConfigurationQueryRepository clientConfigurationQueryRepository; public TokenRequestHandler( AuthorizationRequestRepository authorizationRequestRepository, AuthorizationCodeGrantRepository authorizationCodeGrantRepository, OAuthTokenCommandRepository oAuthTokenCommandRepository, OAuthTokenQueryRepository oAuthTokenQueryRepository, AuthorizationGrantedRepository authorizationGrantedRepository, AuthorizationServerConfigurationQueryRepository authorizationServerConfigurationQueryRepository, ClientConfigurationQueryRepository clientConfigurationQueryRepository, Map extensionOAuthTokenCreationServices) { this.oAuthTokenCreationServices = new OAuthTokenCreationServices( authorizationRequestRepository, authorizationCodeGrantRepository, oAuthTokenCommandRepository, oAuthTokenQueryRepository, authorizationGrantedRepository, extensionOAuthTokenCreationServices); this.clientAuthenticationHandler = new ClientAuthenticationHandler(); this.oAuthTokenCommandRepository = oAuthTokenCommandRepository; this.authorizationServerConfigurationQueryRepository = authorizationServerConfigurationQueryRepository; this.clientConfigurationQueryRepository = clientConfigurationQueryRepository; } public TokenRequestResponse handle( TokenRequest tokenRequest, PasswordCredentialsGrantDelegate passwordCredentialsGrantDelegate, TokenUserFindingDelegate tokenUserFindingDelegate, JwtBearerUserFindingDelegate jwtBearerUserFindingDelegate) { Tenant tenant = tokenRequest.tenant(); TokenRequestParameters parameters = tokenRequest.toParameters(); TokenRequestValidator baseValidator = new TokenRequestValidator(parameters); baseValidator.validate(); ClientSecretBasic clientSecretBasic = tokenRequest.clientSecretBasic(); ClientCert clientCert = tokenRequest.toClientCert(); RequestedClientId requestedClientId = tokenRequest.clientId(); CustomProperties customProperties = tokenRequest.toCustomProperties(); AuthorizationServerConfiguration authorizationServerConfiguration = authorizationServerConfigurationQueryRepository.get(tenant); ClientConfiguration clientConfiguration = clientConfigurationQueryRepository.get(tenant, requestedClientId); TokenRequestContext tokenRequestContext = new TokenRequestContext( tenant, clientSecretBasic, clientCert, parameters, customProperties, passwordCredentialsGrantDelegate, tokenUserFindingDelegate, jwtBearerUserFindingDelegate, authorizationServerConfiguration, clientConfiguration); ClientCredentials clientCredentials = clientAuthenticationHandler.authenticate(tokenRequestContext); OAuthTokenCreationService oAuthTokenCreationService = oAuthTokenCreationServices.get(tokenRequestContext.grantType()); OAuthToken oAuthToken = oAuthTokenCreationService.create(tokenRequestContext, clientCredentials); return new TokenRequestResponse(TokenRequestStatus.OK, oAuthToken); } }