in token-service/src/main/java/com/google/solutions/tokenservice/oauth/ClientCredentialsFlow.java [166:242]
/**
 * Runs the client credentials flow for one request: authenticates the client,
 * issues an ID token for it, and then calls {@code issueAccessToken} (the
 * access token is described as issued only if requested).
 *
 * <p>Only the success path is logged here, as one {@code LogEvents.API_TOKEN}
 * info entry. The entry names the client ID and, for STS and service account
 * access tokens, the scope; token values are not written to the log. Failures
 * leave this method as exceptions without a log entry.
 *
 * @param request the authentication request; must not be null
 * @return the authenticated client together with its ID token and the result
 *     of {@code issueAccessToken}
 * @throws Authentication.AuthenticationException if a step fails; raised here
 *     as {@code Authentication.InvalidClientException} when
 *     {@code authenticateClient} throws, and as
 *     {@code Authentication.TokenIssuanceException} when issuing either token
 *     (or writing the log entry) throws
 */
public final Authentication authenticate(
  AuthenticationRequest request
) throws Authentication.AuthenticationException {
  Preconditions.checkNotNull(request, "request");

  // Step 1: authenticate the client.
  //
  // Every exception is mapped to the same generic message, so the message does
  // not say whether the client was unknown or its credential was rejected.
  // Because the catch is on Exception, failures unrelated to the credential
  // are reported as an invalid client too.
  // NOTE(review): the original exception travels as the cause; confirm that
  // the layer rendering the error response does not expose the cause chain.
  AuthenticatedClient client;
  try {
    client = authenticateClient(request);
  }
  catch (Exception authFailure) {
    throw new Authentication.InvalidClientException(
      "The client or its credentials are invalid",
      authFailure);
  }

  // Step 2: issue an ID token for the authenticated client.
  IdToken idToken;
  try {
    idToken = issueIdToken(client);
  }
  catch (Exception idTokenFailure) {
    var failureMessage = String.format(
      "Issuing ID token for client '%s' failed",
      client.clientId());
    throw new Authentication.TokenIssuanceException(failureMessage, idTokenFailure);
  }

  // Step 3: issue an access token (if requested), log the outcome, and return.
  //
  // The log entry is written inside the try block, so an exception from the
  // log adapter is also reported as a failed access token issuance.
  // NOTE(review): no entry is written on the failure paths; confirm the caller
  // logs them so that repeated failed client authentications stay visible.
  try {
    var accessToken = issueAccessToken(request, client, idToken);

    // Pick the wording that matches the kind of access token that came back.
    // NOTE(review): client ID and scope are formatted into the message as-is;
    // confirm the log adapter escapes control characters such as line breaks.
    String summary;
    if (accessToken instanceof StsAccessToken stsAccessToken) {
      summary = String.format(
        "Issued ID token and STS access token for client '%s' and scope '%s'",
        client.clientId(),
        stsAccessToken.scope());
    }
    else if (accessToken instanceof ServiceAccountAccessToken saAccessToken) {
      summary = String.format(
        "Issued ID token and service account access token for client '%s' and scope '%s'",
        client.clientId(),
        saAccessToken.scope());
    }
    else {
      // Any other result, including none, is logged as ID token only.
      summary = String.format("Issued ID token for client '%s'", client.clientId());
    }

    this.logAdapter
      .newInfoEntry(LogEvents.API_TOKEN, summary)
      .write();

    return new Authentication(client, idToken, accessToken);
  }
  catch (Exception accessTokenFailure) {
    var failureMessage = String.format(
      "Issuing access token for client '%s' failed",
      client.clientId());
    throw new Authentication.TokenIssuanceException(failureMessage, accessTokenFailure);
  }
}