Skip to content

Commit

Permalink
Revoke active access token when unsharing a shared app.
Browse files Browse the repository at this point in the history
  • Loading branch information
@mpmadhavig
mpmadhavig committed Sep 19, 2023
1 parent 8c548f3 commit 8e708c7
Showing 1 changed file with 39 additions and 0 deletions.
39 changes: 39 additions & 0 deletions ...g/wso2/carbon/identity/organization/management/application/OrgApplicationManagerImpl.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,7 @@
import org.wso2.carbon.identity.oauth.IdentityOAuthAdminException;
import org.wso2.carbon.identity.oauth.OAuthAdminServiceImpl;
import org.wso2.carbon.identity.oauth.common.OAuthConstants;
import org.wso2.carbon.identity.oauth.dto.OAuthAppRevocationRequestDTO;
import org.wso2.carbon.identity.oauth.dto.OAuthConsumerAppDTO;
import org.wso2.carbon.identity.oauth.dto.ScopeDTO;
import org.wso2.carbon.identity.organization.management.application.dao.OrgApplicationMgtDAO;
Expand Down Expand Up @@ -264,6 +265,8 @@ public void deleteSharedApplication(String organizationId, String applicationId,
resolveSharedApp(serviceProvider.getApplicationResourceId(), organizationId,
sharedApplicationDO.getOrganizationId());
if (sharedApplicationId.isPresent()) {
revokeAccessTokensOfSharedApp(organizationId, applicationId,
sharedApplicationDO.getOrganizationId());
deleteSharedApplication(sharedApplicationDO.getOrganizationId(), sharedApplicationId.get());
}
IdentityUtil.threadLocalProperties.get().remove(DELETE_SHARE_FOR_MAIN_APPLICATION);
Expand Down Expand Up @@ -292,13 +295,49 @@ public void deleteSharedApplication(String organizationId, String applicationId,
Optional<String> sharedApplicationId =
resolveSharedApp(serviceProvider.getApplicationResourceId(), organizationId, sharedOrganizationId);
if (sharedApplicationId.isPresent()) {
revokeAccessTokensOfSharedApp(organizationId, applicationId, sharedOrganizationId);
deleteSharedApplication(sharedOrganizationId, sharedApplicationId.get());
getListener().postDeleteSharedApplication(organizationId, applicationId, sharedOrganizationId,
sharedApplicationId.get());
}
}
}

/**
* Revoke access token generated for a shared application.
*
* @param rootOrganizationId Root organization id.
* @param rootApplicationId Root application id.
* @param sharedOrganizationId Shared organization id.
*/
private void revokeAccessTokensOfSharedApp(String rootOrganizationId, String rootApplicationId,
String sharedOrganizationId) throws OrganizationManagementException {

String rootTenantDomain = getOrganizationManager().resolveTenantDomain(rootOrganizationId);
if (StringUtils.isBlank(rootTenantDomain)) {
throw handleServerException(ERROR_CODE_ERROR_RESOLVING_TENANT_DOMAIN_FROM_ORGANIZATION_DOMAIN, null,
rootOrganizationId);
}
ServiceProvider rootApplication = getOrgApplication(rootApplicationId, rootTenantDomain);
ServiceProvider sharedApplication = resolveSharedApplicationByMainAppUUID(
rootApplication.getApplicationResourceId(), rootOrganizationId, sharedOrganizationId);

if (sharedApplication.getInboundAuthenticationConfig()
.getInboundAuthenticationRequestConfigs().length != 0) {
String consumerKey = sharedApplication.getInboundAuthenticationConfig()
.getInboundAuthenticationRequestConfigs()[0].getInboundAuthKey();
OAuthAppRevocationRequestDTO application = new OAuthAppRevocationRequestDTO();
application.setConsumerKey(consumerKey);
try {
OrgApplicationMgtDataHolder.getInstance().getOAuthAdminService()
.revokeIssuedTokensByApplication(application);
} catch (IdentityOAuthAdminException e) {
throw new OrganizationManagementException("Error while revoking issued tokens for application: " +
application.getConsumerKey(), e.getErrorCode());
}
}
}

private void deleteSharedApplication(String sharedOrganizationId, String sharedApplicationId)
throws OrganizationManagementException {

Expand Down

0 comments on commit 8e708c7

Please sign in to comment.