public Response post()

in token-service/src/main/java/com/google/solutions/tokenservice/web/OAuthResource.java [179:263]


  public Response post(
    @FormParam("grant_type") String grantType,
    @FormParam("format") String format,
    MultivaluedMap<String, String> parameters
  ) {
    //
    // Handle a token request and render the outcome in one of two
    // shapes, selected by the "format" form parameter:
    //
    //  - "external_credential": a format that's consumable by client
    //    libraries, see https://google.aip.dev/auth/4117.
    //  - any other value (including a missing parameter): standard
    //    OAuth format.
    //
    // Both shapes apply the same mapping from failure to HTTP status:
    //
    //  - IllegalArgumentException  -> 400, INVALID_REQUEST
    //  - InvalidClientException    -> 403, UNAUTHORIZED_CLIENT
    //  - TokenIssuanceException    -> 403, ACCESS_DENIED
    //  - any other exception       -> 500, SERVER_ERROR
    //
    // The order of the catch clauses is significant and must be kept.
    //
    // NOTE(review): The caught exception is handed to the error entity.
    // What gets serialized is decided by TokenErrorResponse and
    // ExternalCredentialErrorResponse, not here. Confirm that only a
    // caller-safe description is emitted, in particular on the catch-all
    // SERVER_ERROR path where the exception type is unconstrained.
    //
    // NOTE(review): Successful responses carry tokens and this method
    // sets no Cache-Control header. RFC 6749 section 5.1 requires
    // "no-store" on such responses; confirm it is applied elsewhere
    // (for example by a response filter).
    //
    // NOTE(review): Nothing is logged here on failure. Confirm that
    // rejected and failed requests are recorded by handleTokenRequest
    // or by the surrounding infrastructure.
    //
    final boolean useExternalCredentialFormat = "external_credential".equals(format);

    if (!useExternalCredentialFormat) {
      //
      // Standard OAuth format. The entity is built inside the try block
      // so that a failure while reading the tokens also ends up as a
      // SERVER_ERROR response.
      //
      try {
        var result = handleTokenRequest(grantType, parameters);
        var accessToken = result.accessToken();

        final TokenResponse body;
        if (accessToken == null) {
          // No access token: respond with the ID token only.
          body = new TokenResponse(result.idToken().value());
        }
        else {
          body = new TokenResponse(
            result.idToken().value(),
            accessToken.value(),
            TokenResponse.BEARER,
            // Lifetime in seconds, relative to the issue time.
            accessToken.expiryTime().getEpochSecond()
              - accessToken.issueTime().getEpochSecond(),
            accessToken.scope());
        }

        return Response.ok().entity(body).build();
      }
      catch (IllegalArgumentException e) {
        return Response
          .status(Response.Status.BAD_REQUEST)
          .entity(new TokenErrorResponse(TokenErrorResponse.INVALID_REQUEST, e))
          .build();
      }
      catch (Authentication.InvalidClientException e) {
        return Response
          .status(Response.Status.FORBIDDEN)
          .entity(new TokenErrorResponse(TokenErrorResponse.UNAUTHORIZED_CLIENT, e))
          .build();
      }
      catch (Authentication.TokenIssuanceException e) {
        return Response
          .status(Response.Status.FORBIDDEN)
          .entity(new TokenErrorResponse(TokenErrorResponse.ACCESS_DENIED, e))
          .build();
      }
      catch (Exception e) {
        return Response
          .status(Response.Status.INTERNAL_SERVER_ERROR)
          .entity(new TokenErrorResponse(TokenErrorResponse.SERVER_ERROR, e))
          .build();
      }
    }

    //
    // External credential format: only the ID token and its absolute
    // expiry (epoch seconds) are returned.
    //
    try {
      var idToken = handleTokenRequest(grantType, parameters).idToken();
      var body = new ExternalCredentialResponse(
        idToken.value(),
        idToken.expiryTime().getEpochSecond());

      return Response.ok().entity(body).build();
    }
    catch (IllegalArgumentException e) {
      return Response
        .status(Response.Status.BAD_REQUEST)
        .entity(new ExternalCredentialErrorResponse(TokenErrorResponse.INVALID_REQUEST, e))
        .build();
    }
    catch (Authentication.InvalidClientException e) {
      return Response
        .status(Response.Status.FORBIDDEN)
        .entity(new ExternalCredentialErrorResponse(TokenErrorResponse.UNAUTHORIZED_CLIENT, e))
        .build();
    }
    catch (Authentication.TokenIssuanceException e) {
      return Response
        .status(Response.Status.FORBIDDEN)
        .entity(new ExternalCredentialErrorResponse(TokenErrorResponse.ACCESS_DENIED, e))
        .build();
    }
    catch (Exception e) {
      return Response
        .status(Response.Status.INTERNAL_SERVER_ERROR)
        .entity(new ExternalCredentialErrorResponse(TokenErrorResponse.SERVER_ERROR, e))
        .build();
    }
  }