Fix refresh token introspection issue

wso2-extensions · Nov 13, 2024 · 8319668 · 8319668
1 parent 7a90b09
commit 8319668
Showing 1 changed file with 17 additions and 4 deletions.
diff --git a/...src/main/java/org/wso2/carbon/identity/oauth2/rar/token/IntrospectionRARDataProvider.java b/...src/main/java/org/wso2/carbon/identity/oauth2/rar/token/IntrospectionRARDataProvider.java
@@ -1,5 +1,6 @@
 package org.wso2.carbon.identity.oauth2.rar.token;
 
+import org.apache.commons.lang.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.wso2.carbon.identity.oauth.common.OAuthConstants;
@@ -22,6 +23,7 @@
 import java.util.Objects;
 
 import static org.wso2.carbon.identity.oauth2.rar.util.AuthorizationDetailsConstants.AUTHORIZATION_DETAILS;
+import static org.wso2.carbon.identity.oauth2.validators.RefreshTokenValidator.TOKEN_TYPE_NAME;
 
 /**
  * Class responsible for modifying the introspection response to include user-consented authorization details.
@@ -107,10 +109,8 @@ private OAuth2TokenValidationMessageContext generateOAuth2TokenValidationMessage
                     new OAuth2TokenValidationMessageContext(tokenValidationRequestDTO,
                             generateOAuth2TokenValidationResponseDTO(introspectionResponseDTO));
 
-            final AccessTokenDO accessTokenDO = OAuth2ServiceComponentHolder.getInstance().getTokenProvider()
-                    .getVerifiedAccessToken(tokenValidationRequestDTO.getAccessToken().getIdentifier(), false);
-
-            oAuth2TokenValidationMessageContext.addProperty(OAuthConstants.ACCESS_TOKEN_DO, accessTokenDO);
+            oAuth2TokenValidationMessageContext.addProperty(OAuthConstants.ACCESS_TOKEN_DO,
+                    this.getVerifiedToken(tokenValidationRequestDTO, introspectionResponseDTO));
 
             return oAuth2TokenValidationMessageContext;
         }
@@ -130,4 +130,17 @@ private OAuth2TokenValidationResponseDTO generateOAuth2TokenValidationResponseDT
 
         return tokenValidationResponseDTO;
     }
+
+    private AccessTokenDO getVerifiedToken(final OAuth2TokenValidationRequestDTO tokenValidationRequestDTO,
+                                           final OAuth2IntrospectionResponseDTO introspectionResponseDTO)
+            throws IdentityOAuth2Exception {
+
+        if (StringUtils.equals(TOKEN_TYPE_NAME, introspectionResponseDTO.getTokenType())) {
+            return OAuth2ServiceComponentHolder.getInstance().getTokenProvider()
+                    .getVerifiedRefreshToken(tokenValidationRequestDTO.getAccessToken().getIdentifier());
+        } else {
+            return OAuth2ServiceComponentHolder.getInstance().getTokenProvider()
+                    .getVerifiedAccessToken(tokenValidationRequestDTO.getAccessToken().getIdentifier(), false);
+        }
+    }
 }