This is an automated email from the ASF dual-hosted git repository.
mdisabatino pushed a commit to branch 4_0_X
in repository https://gitbox.apache.org/repos/asf/syncope.git
The following commit(s) were added to refs/heads/4_0_X by this push:
new 144f89be23 [SYNCOPE-1950] Allow configuration of OIDC Token Expiration
Policy in WA
144f89be23 is described below
commit 144f89be235134a192117c098a84f6b1087edb38
Author: Marco Di Sabatino Di Diodoro <[email protected]>
AuthorDate: Wed Feb 11 12:41:48 2026 +0100
[SYNCOPE-1950] Allow configuration of OIDC Token Expiration Policy in WA
---
.../clientapps/ClientAppModalPanelBuilder.java | 32 ++++++++++
.../syncope/common/lib/to/OIDCRPClientAppTO.java | 72 ++++++++++++++++++++++
.../persistence/api/entity/am/OIDCRPClientApp.java | 23 +++++++
.../jpa/entity/am/JPAOIDCRPClientApp.java | 72 ++++++++++++++++++++++
.../neo4j/entity/am/Neo4jOIDCRPClientApp.java | 62 +++++++++++++++++++
.../java/data/ClientAppDataBinderImpl.java | 13 +++-
.../org/apache/syncope/fit/AbstractITCase.java | 7 +++
.../apache/syncope/fit/core/ClientAppITCase.java | 3 +
.../starter/mapping/OIDCRPClientAppTOMapper.java | 34 ++++++++++
9 files changed, 317 insertions(+), 1 deletion(-)
diff --git
a/client/am/console/src/main/java/org/apache/syncope/client/console/clientapps/ClientAppModalPanelBuilder.java
b/client/am/console/src/main/java/org/apache/syncope/client/console/clientapps/ClientAppModalPanelBuilder.java
index 440d32d132..7c2e2532b0 100644
---
a/client/am/console/src/main/java/org/apache/syncope/client/console/clientapps/ClientAppModalPanelBuilder.java
+++
b/client/am/console/src/main/java/org/apache/syncope/client/console/clientapps/ClientAppModalPanelBuilder.java
@@ -465,6 +465,38 @@ public class ClientAppModalPanelBuilder<T extends
ClientAppTO> extends AbstractM
false);
tokenEndpointAuthenticationMethod.setChoices(List.of(OIDCClientAuthenticationMethod.values()));
fields.add(tokenEndpointAuthenticationMethod);
+
+ AjaxTextFieldPanel accessTokenMaxTimeToLive = new
AjaxTextFieldPanel(
+ "field", "accessTokenMaxTimeToLive",
+ new PropertyModel<>(clientAppTO,
"accessTokenMaxTimeToLive"), false);
+ fields.add(accessTokenMaxTimeToLive);
+
+ AjaxTextFieldPanel accessTokenTimeToKill = new
AjaxTextFieldPanel(
+ "field", "accessTokenTimeToKill", new
PropertyModel<>(clientAppTO, "accessTokenTimeToKill"),
+ false);
+ fields.add(accessTokenTimeToKill);
+
+ AjaxNumberFieldPanel<Long> accessTokenMaxActiveTokens =
new AjaxNumberFieldPanel.Builder<Long>()
+ .enableOnChange()
+ .build("field", "accessTokenMaxActiveTokens",
Long.class,
+ new PropertyModel<>(clientAppTO,
"accessTokenMaxActiveTokens"));
+ fields.add(accessTokenMaxActiveTokens);
+
+ AjaxTextFieldPanel refreshTokenTimeToKill = new
AjaxTextFieldPanel(
+ "field", "refreshTokenTimeToKill",
+ new PropertyModel<>(clientAppTO,
"refreshTokenTimeToKill"), false);
+ fields.add(refreshTokenTimeToKill);
+
+ AjaxNumberFieldPanel<Long> refreshTokenMaxActiveTokens =
new AjaxNumberFieldPanel.Builder<Long>()
+ .enableOnChange()
+ .build("field", "refreshTokenMaxActiveTokens",
Long.class,
+ new PropertyModel<>(clientAppTO,
"refreshTokenMaxActiveTokens"));
+ fields.add(refreshTokenMaxActiveTokens);
+
+ AjaxTextFieldPanel deviceTokenTimeToKill = new
AjaxTextFieldPanel(
+ "field", "deviceTokenTimeToKill", new
PropertyModel<>(clientAppTO, "deviceTokenTimeToKill"),
+ false);
+ fields.add(deviceTokenTimeToKill);
break;
case SAML2SP:
diff --git
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/to/OIDCRPClientAppTO.java
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/to/OIDCRPClientAppTO.java
index eb77daedd7..9e98636352 100644
---
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/to/OIDCRPClientAppTO.java
+++
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/to/OIDCRPClientAppTO.java
@@ -84,6 +84,18 @@ public class OIDCRPClientAppTO extends ClientAppTO {
private String jwksUri;
+ private String accessTokenMaxTimeToLive;
+
+ private String accessTokenTimeToKill;
+
+ private Long accessTokenMaxActiveTokens;
+
+ private String refreshTokenTimeToKill;
+
+ private Long refreshTokenMaxActiveTokens;
+
+ private String deviceTokenTimeToKill;
+
private OIDCClientAuthenticationMethod tokenEndpointAuthenticationMethod =
OIDCClientAuthenticationMethod.client_secret_basic;
@@ -283,6 +295,54 @@ public class OIDCRPClientAppTO extends ClientAppTO {
this.logoutUri = logoutUri;
}
+ public String getAccessTokenMaxTimeToLive() {
+ return accessTokenMaxTimeToLive;
+ }
+
+ public void setAccessTokenMaxTimeToLive(final String
accessTokenMaxTimeToLive) {
+ this.accessTokenMaxTimeToLive = accessTokenMaxTimeToLive;
+ }
+
+ public String getAccessTokenTimeToKill() {
+ return accessTokenTimeToKill;
+ }
+
+ public void setAccessTokenTimeToKill(final String accessTokenTimeToKill) {
+ this.accessTokenTimeToKill = accessTokenTimeToKill;
+ }
+
+ public Long getAccessTokenMaxActiveTokens() {
+ return accessTokenMaxActiveTokens;
+ }
+
+ public void setAccessTokenMaxActiveTokens(final Long
accessTokenMaxActiveTokens) {
+ this.accessTokenMaxActiveTokens = accessTokenMaxActiveTokens;
+ }
+
+ public String getRefreshTokenTimeToKill() {
+ return refreshTokenTimeToKill;
+ }
+
+ public void setRefreshTokenTimeToKill(final String refreshTokenTimeToKill)
{
+ this.refreshTokenTimeToKill = refreshTokenTimeToKill;
+ }
+
+ public Long getRefreshTokenMaxActiveTokens() {
+ return refreshTokenMaxActiveTokens;
+ }
+
+ public void setRefreshTokenMaxActiveTokens(final Long
refreshTokenMaxActiveTokens) {
+ this.refreshTokenMaxActiveTokens = refreshTokenMaxActiveTokens;
+ }
+
+ public String getDeviceTokenTimeToKill() {
+ return deviceTokenTimeToKill;
+ }
+
+ public void setDeviceTokenTimeToKill(final String deviceTokenTimeToKill) {
+ this.deviceTokenTimeToKill = deviceTokenTimeToKill;
+ }
+
@Override
public boolean equals(final Object obj) {
if (obj == null) {
@@ -321,6 +381,12 @@ public class OIDCRPClientAppTO extends ClientAppTO {
.append(this.jwksUri, rhs.jwksUri)
.append(this.tokenEndpointAuthenticationMethod,
rhs.tokenEndpointAuthenticationMethod)
.append(this.logoutUri, rhs.logoutUri)
+ .append(this.accessTokenMaxTimeToLive,
rhs.accessTokenMaxTimeToLive)
+ .append(this.accessTokenTimeToKill, rhs.accessTokenTimeToKill)
+ .append(this.accessTokenMaxActiveTokens,
rhs.accessTokenMaxActiveTokens)
+ .append(this.refreshTokenTimeToKill, rhs.accessTokenTimeToKill)
+ .append(this.refreshTokenMaxActiveTokens,
rhs.refreshTokenMaxActiveTokens)
+ .append(this.deviceTokenTimeToKill, rhs.deviceTokenTimeToKill)
.isEquals();
}
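Review bot: The added `equals` chain compares `this.refreshTokenTimeToKill` with `rhs.accessTokenTimeToKill`, while the `hashCode` hunk that follows hashes `refreshTokenTimeToKill` itself. As a result, two TOs that differ only in refresh-token time-to-kill compare equal, and a TO whose access and refresh values differ is not equal to an identical copy of itself. The line should read `.append(this.refreshTokenTimeToKill, rhs.refreshTokenTimeToKill)`. Any code that relies on equality to detect a changed client application would miss an edit to the refresh-token lifetime; whether such a caller exists is not visible here. The method starts outside this hunk.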
@@ -352,6 +418,12 @@ public class OIDCRPClientAppTO extends ClientAppTO {
.append(jwksUri)
.append(tokenEndpointAuthenticationMethod)
.append(logoutUri)
+ .append(accessTokenMaxTimeToLive)
+ .append(accessTokenTimeToKill)
+ .append(accessTokenMaxActiveTokens)
+ .append(refreshTokenTimeToKill)
+ .append(refreshTokenMaxActiveTokens)
+ .append(deviceTokenTimeToKill)
.toHashCode();
}
}
diff --git
a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/am/OIDCRPClientApp.java
b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/am/OIDCRPClientApp.java
index 6eb3a3b655..0eb2dbda8d 100644
---
a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/am/OIDCRPClientApp.java
+++
b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/am/OIDCRPClientApp.java
@@ -118,4 +118,27 @@ public interface OIDCRPClientApp extends ClientApp {
void setLogoutUri(String logoutUri);
+ String getDeviceTokenTimeToKill();
+
+ void setDeviceTokenTimeToKill(String deviceTokenTimeToKill);
+
+ Long getRefreshTokenMaxActiveTokens();
+
+ void setRefreshTokenMaxActiveTokens(Long refreshTokenMaxActiveTokens);
+
+ String getRefreshTokenTimeToKill();
+
+ void setRefreshTokenTimeToKill(String refreshTokenTimeToKill);
+
+ Long getAccessTokenMaxActiveTokens();
+
+ void setAccessTokenMaxActiveTokens(Long accessTokenMaxActiveTokens);
+
+ String getAccessTokenTimeToKill();
+
+ void setAccessTokenTimeToKill(String accessTokenTimeToKill);
+
+ String getAccessTokenMaxTimeToLive();
+
+ void setAccessTokenMaxTimeToLive(String accessTokenMaxTimeToLive);
}
diff --git
a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/am/JPAOIDCRPClientApp.java
b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/am/JPAOIDCRPClientApp.java
index 0ced79e62d..b0a368262b 100644
---
a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/am/JPAOIDCRPClientApp.java
+++
b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/am/JPAOIDCRPClientApp.java
@@ -142,6 +142,18 @@ public class JPAOIDCRPClientApp extends AbstractClientApp
implements OIDCRPClien
private String logoutUri;
+ private String accessTokenMaxTimeToLive;
+
+ private String accessTokenTimeToKill;
+
+ private Long accessTokenMaxActiveTokens;
+
+ private String refreshTokenTimeToKill;
+
+ private Long refreshTokenMaxActiveTokens;
+
+ private String deviceTokenTimeToKill;
+
@Override
public Set<String> getRedirectUris() {
return redirectUrisSet;
@@ -364,6 +376,66 @@ public class JPAOIDCRPClientApp extends AbstractClientApp
implements OIDCRPClien
this.logoutUri = logoutUri;
}
+ @Override
+ public String getDeviceTokenTimeToKill() {
+ return deviceTokenTimeToKill;
+ }
+
+ @Override
+ public void setDeviceTokenTimeToKill(final String deviceTokenTimeToKill) {
+ this.deviceTokenTimeToKill = deviceTokenTimeToKill;
+ }
+
+ @Override
+ public Long getRefreshTokenMaxActiveTokens() {
+ return refreshTokenMaxActiveTokens;
+ }
+
+ @Override
+ public void setRefreshTokenMaxActiveTokens(final Long
refreshTokenMaxActiveTokens) {
+ this.refreshTokenMaxActiveTokens = refreshTokenMaxActiveTokens;
+ }
+
+ @Override
+ public String getRefreshTokenTimeToKill() {
+ return refreshTokenTimeToKill;
+ }
+
+ @Override
+ public void setRefreshTokenTimeToKill(final String refreshTokenTimeToKill)
{
+ this.refreshTokenTimeToKill = refreshTokenTimeToKill;
+ }
+
+ @Override
+ public Long getAccessTokenMaxActiveTokens() {
+ return accessTokenMaxActiveTokens;
+ }
+
+ @Override
+ public void setAccessTokenMaxActiveTokens(final Long
accessTokenMaxActiveTokens) {
+ this.accessTokenMaxActiveTokens = accessTokenMaxActiveTokens;
+ }
+
+ @Override
+ public String getAccessTokenTimeToKill() {
+ return accessTokenTimeToKill;
+ }
+
+ @Override
+ public void setAccessTokenTimeToKill(final String accessTokenTimeToKill) {
+ this.accessTokenTimeToKill = accessTokenTimeToKill;
+ }
+
+ @Override
+ public String getAccessTokenMaxTimeToLive() {
+ return accessTokenMaxTimeToLive;
+ }
+
+ @Override
+ public void setAccessTokenMaxTimeToLive(final String
accessTokenMaxTimeToLive) {
+ this.accessTokenMaxTimeToLive = accessTokenMaxTimeToLive;
+ }
+
protected void json2list(final boolean clearFirst) {
if (clearFirst) {
getRedirectUris().clear();
diff --git
a/core/persistence-neo4j/src/main/java/org/apache/syncope/core/persistence/neo4j/entity/am/Neo4jOIDCRPClientApp.java
b/core/persistence-neo4j/src/main/java/org/apache/syncope/core/persistence/neo4j/entity/am/Neo4jOIDCRPClientApp.java
index 2e6d41b6ce..cb959011a0 100644
---
a/core/persistence-neo4j/src/main/java/org/apache/syncope/core/persistence/neo4j/entity/am/Neo4jOIDCRPClientApp.java
+++
b/core/persistence-neo4j/src/main/java/org/apache/syncope/core/persistence/neo4j/entity/am/Neo4jOIDCRPClientApp.java
@@ -119,6 +119,19 @@ public class Neo4jOIDCRPClientApp extends
AbstractClientApp implements OIDCRPCli
private String logoutUri;
+
+ private String accessTokenMaxTimeToLive;
+
+ private String accessTokenTimeToKill;
+
+ private Long accessTokenMaxActiveTokens;
+
+ private String refreshTokenTimeToKill;
+
+ private Long refreshTokenMaxActiveTokens;
+
+ private String deviceTokenTimeToKill;
+
@Override
public Set<String> getRedirectUris() {
return redirectUrisSet;
@@ -341,6 +354,55 @@ public class Neo4jOIDCRPClientApp extends
AbstractClientApp implements OIDCRPCli
this.logoutUri = logoutUri;
}
+
+ public String getDeviceTokenTimeToKill() {
+ return deviceTokenTimeToKill;
+ }
+
+ public void setDeviceTokenTimeToKill(final String deviceTokenTimeToKill) {
+ this.deviceTokenTimeToKill = deviceTokenTimeToKill;
+ }
+
+ public Long getRefreshTokenMaxActiveTokens() {
+ return refreshTokenMaxActiveTokens;
+ }
+
+ public void setRefreshTokenMaxActiveTokens(final Long
refreshTokenMaxActiveTokens) {
+ this.refreshTokenMaxActiveTokens = refreshTokenMaxActiveTokens;
+ }
+
+ public String getRefreshTokenTimeToKill() {
+ return refreshTokenTimeToKill;
+ }
+
+ public void setRefreshTokenTimeToKill(final String refreshTokenTimeToKill)
{
+ this.refreshTokenTimeToKill = refreshTokenTimeToKill;
+ }
+
+ public Long getAccessTokenMaxActiveTokens() {
+ return accessTokenMaxActiveTokens;
+ }
+
+ public void setAccessTokenMaxActiveTokens(final Long
accessTokenMaxActiveTokens) {
+ this.accessTokenMaxActiveTokens = accessTokenMaxActiveTokens;
+ }
+
+ public String getAccessTokenTimeToKill() {
+ return accessTokenTimeToKill;
+ }
+
+ public void setAccessTokenTimeToKill(final String accessTokenTimeToKill) {
+ this.accessTokenTimeToKill = accessTokenTimeToKill;
+ }
+
+ public String getAccessTokenMaxTimeToLive() {
+ return accessTokenMaxTimeToLive;
+ }
+
+ public void setAccessTokenMaxTimeToLive(final String
accessTokenMaxTimeToLive) {
+ this.accessTokenMaxTimeToLive = accessTokenMaxTimeToLive;
+ }
+
protected void json2list(final boolean clearFirst) {
if (clearFirst) {
getRedirectUris().clear();
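Review bot: The twelve accessors added here implement `OIDCRPClientApp` methods but carry no `@Override`, unlike the same accessors in `JPAOIDCRPClientApp` and the existing `getRedirectUris()` shown as context in this file. Add `@Override` above each one, for example `@Override public String getDeviceTokenTimeToKill() {`. The compiler then catches any signature that drifts from the interface. The class body continues outside the hunk.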
diff --git
a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/ClientAppDataBinderImpl.java
b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/ClientAppDataBinderImpl.java
index 7eed004751..5abdc08768 100644
---
a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/ClientAppDataBinderImpl.java
+++
b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/ClientAppDataBinderImpl.java
@@ -257,6 +257,12 @@ public class ClientAppDataBinderImpl implements
ClientAppDataBinder {
clientApp.setJwks(clientAppTO.getJwks());
clientApp.setJwksUri(clientAppTO.getJwksUri());
clientApp.setTokenEndpointAuthenticationMethod(clientAppTO.getTokenEndpointAuthenticationMethod());
+
clientApp.setAccessTokenMaxActiveTokens(clientAppTO.getAccessTokenMaxActiveTokens());
+
clientApp.setAccessTokenMaxTimeToLive(clientAppTO.getAccessTokenMaxTimeToLive());
+
clientApp.setAccessTokenTimeToKill(clientAppTO.getAccessTokenTimeToKill());
+
clientApp.setRefreshTokenMaxActiveTokens(clientAppTO.getRefreshTokenMaxActiveTokens());
+
clientApp.setRefreshTokenTimeToKill(clientAppTO.getRefreshTokenTimeToKill());
+
clientApp.setDeviceTokenTimeToKill(clientAppTO.getDeviceTokenTimeToKill());
}
protected OIDCRPClientAppTO getOIDCClientAppTO(final OIDCRPClientApp
clientApp) {
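Review bot: The six new setters copy the time-to-live, time-to-kill and max-active-token values from the TO into the entity without any validation. The durations are free-form `String`s, entered through plain text fields in the console, and the counts are unbounded `Long`s. An unparseable duration or a negative count is therefore persisted as-is and would only surface when WA builds the expiration policy; how CAS treats such values is not visible in this commit. Consider rejecting values that do not parse as a duration, and negative counts, at this point, so that a bad token-lifetime setting fails on save rather than at service registration. The enclosing method starts outside the hunk.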
@@ -289,7 +295,12 @@ public class ClientAppDataBinderImpl implements
ClientAppDataBinder {
clientAppTO.setJwks(clientApp.getJwks());
clientAppTO.setJwksUri(clientApp.getJwksUri());
clientAppTO.setTokenEndpointAuthenticationMethod(clientApp.getTokenEndpointAuthenticationMethod());
-
+
clientAppTO.setAccessTokenMaxActiveTokens(clientApp.getAccessTokenMaxActiveTokens());
+
clientAppTO.setAccessTokenMaxTimeToLive(clientApp.getAccessTokenMaxTimeToLive());
+
clientAppTO.setAccessTokenTimeToKill(clientApp.getAccessTokenTimeToKill());
+
clientAppTO.setRefreshTokenTimeToKill(clientApp.getRefreshTokenTimeToKill());
+
clientAppTO.setRefreshTokenMaxActiveTokens(clientApp.getRefreshTokenMaxActiveTokens());
+
clientAppTO.setDeviceTokenTimeToKill(clientApp.getDeviceTokenTimeToKill());
return clientAppTO;
}
diff --git
a/fit/core-reference/src/test/java/org/apache/syncope/fit/AbstractITCase.java
b/fit/core-reference/src/test/java/org/apache/syncope/fit/AbstractITCase.java
index b06da9f219..297bb64e5c 100644
---
a/fit/core-reference/src/test/java/org/apache/syncope/fit/AbstractITCase.java
+++
b/fit/core-reference/src/test/java/org/apache/syncope/fit/AbstractITCase.java
@@ -977,6 +977,13 @@ public abstract class AbstractITCase {
oidcrpTO.setAuthPolicy(authPolicyTO.getKey());
oidcrpTO.setAccessPolicy(accessPolicyTO.getKey());
+
+ oidcrpTO.setAccessTokenMaxActiveTokens(0L);
+ oidcrpTO.setAccessTokenMaxTimeToLive("PT8H");
+ oidcrpTO.setAccessTokenTimeToKill("PT2H");
+ oidcrpTO.setRefreshTokenMaxActiveTokens(0L);
+ oidcrpTO.setRefreshTokenTimeToKill("P14D");
+ oidcrpTO.setDeviceTokenTimeToKill("PT5M");
return oidcrpTO;
}
diff --git
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/ClientAppITCase.java
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/ClientAppITCase.java
index 72434fe413..8c15d891af 100644
---
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/ClientAppITCase.java
+++
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/ClientAppITCase.java
@@ -121,6 +121,7 @@ public class ClientAppITCase extends AbstractITCase {
assertFalse(found.getSupportedResponseTypes().isEmpty());
assertNotNull(found.getAccessPolicy());
assertNotNull(found.getAuthPolicy());
+ assertNotNull(found.getAccessTokenMaxTimeToLive());
}
@Test
@@ -147,6 +148,7 @@ public class ClientAppITCase extends AbstractITCase {
oidcrpTO.setClientId("newClientId");
oidcrpTO.setAccessPolicy(accessPolicyTO.getKey());
+ oidcrpTO.setDeviceTokenTimeToKill("PT6M");
CLIENT_APP_SERVICE.update(ClientAppType.OIDCRP, oidcrpTO);
OIDCRPClientAppTO updated =
CLIENT_APP_SERVICE.read(ClientAppType.OIDCRP, oidcrpTO.getKey());
@@ -154,6 +156,7 @@ public class ClientAppITCase extends AbstractITCase {
assertNotNull(updated);
assertEquals("newClientId", updated.getClientId());
assertNotNull(updated.getAccessPolicy());
+ assertEquals("PT6M", updated.getDeviceTokenTimeToKill());
}
@Test
diff --git
a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/OIDCRPClientAppTOMapper.java
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/OIDCRPClientAppTOMapper.java
index 0f5e528c0e..2862feb0d5 100644
---
a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/OIDCRPClientAppTOMapper.java
+++
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/OIDCRPClientAppTOMapper.java
@@ -43,6 +43,9 @@ import
org.apereo.cas.services.RegisteredServiceProxyGrantingTicketExpirationPol
import org.apereo.cas.services.RegisteredServiceProxyTicketExpirationPolicy;
import org.apereo.cas.services.RegisteredServiceServiceTicketExpirationPolicy;
import
org.apereo.cas.services.RegisteredServiceTicketGrantingTicketExpirationPolicy;
+import
org.apereo.cas.support.oauth.services.DefaultRegisteredServiceOAuthAccessTokenExpirationPolicy;
+import
org.apereo.cas.support.oauth.services.DefaultRegisteredServiceOAuthDeviceTokenExpirationPolicy;
+import
org.apereo.cas.support.oauth.services.DefaultRegisteredServiceOAuthRefreshTokenExpirationPolicy;
public class OIDCRPClientAppTOMapper extends AbstractClientAppMapper {
@@ -129,6 +132,37 @@ public class OIDCRPClientAppTOMapper extends
AbstractClientAppMapper {
setPolicies(service, authPolicy, mfaPolicy, accessStrategy,
attributeReleasePolicy,
tgtExpirationPolicy, stExpirationPolicy,
tgtProxyExpirationPolicy, stProxyExpirationPolicy);
+ if (rp.getAccessTokenMaxTimeToLive() != null
+ || rp.getAccessTokenTimeToKill() != null
+ || rp.getAccessTokenMaxActiveTokens() != null) {
+ DefaultRegisteredServiceOAuthAccessTokenExpirationPolicy
accessTokenExpirationPolicy =
+ new
DefaultRegisteredServiceOAuthAccessTokenExpirationPolicy();
+ Optional.ofNullable(rp.getAccessTokenMaxTimeToLive())
+ .ifPresent(accessTokenExpirationPolicy::setMaxTimeToLive);
+ Optional.ofNullable(rp.getAccessTokenTimeToKill())
+ .ifPresent(accessTokenExpirationPolicy::setTimeToKill);
+ Optional.ofNullable(rp.getAccessTokenMaxActiveTokens())
+
.ifPresent(accessTokenExpirationPolicy::setMaxActiveTokens);
+
service.setAccessTokenExpirationPolicy(accessTokenExpirationPolicy);
+ }
+
+ if (rp.getRefreshTokenTimeToKill() != null ||
rp.getRefreshTokenMaxActiveTokens() != null) {
+ DefaultRegisteredServiceOAuthRefreshTokenExpirationPolicy
refreshTokenExpirationPolicy =
+ new
DefaultRegisteredServiceOAuthRefreshTokenExpirationPolicy();
+ Optional.ofNullable(rp.getRefreshTokenTimeToKill())
+ .ifPresent(refreshTokenExpirationPolicy::setTimeToKill);
+ Optional.ofNullable(rp.getRefreshTokenMaxActiveTokens())
+
.ifPresent(refreshTokenExpirationPolicy::setMaxActiveTokens);
+
service.setRefreshTokenExpirationPolicy(refreshTokenExpirationPolicy);
+ }
+
+ if (rp.getDeviceTokenTimeToKill() != null) {
+ DefaultRegisteredServiceOAuthDeviceTokenExpirationPolicy
deviceTokenExpirationPolicy =
+ new
DefaultRegisteredServiceOAuthDeviceTokenExpirationPolicy();
+ Optional.ofNullable(rp.getAccessTokenTimeToKill())
+ .ifPresent(deviceTokenExpirationPolicy::setTimeToKill);
+
service.setDeviceTokenExpirationPolicy(deviceTokenExpirationPolicy);
+ }
return service;
}
}
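Review bot: The device-token block is guarded by `rp.getDeviceTokenTimeToKill() != null` but then passes `rp.getAccessTokenTimeToKill()` to `deviceTokenExpirationPolicy::setTimeToKill`, so the configured device-token lifetime never reaches the policy. Device tokens would take the access-token time-to-kill (PT2H rather than PT5M with the values set in `AbstractITCase`), or keep the policy's default when no access-token value is set. Because the guard already establishes a non-null value, the call can be `deviceTokenExpirationPolicy.setTimeToKill(rp.getDeviceTokenTimeToKill());`. The enclosing method starts outside the hunk.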