in plugin-rest/spring-security-rest/grails-app/controllers/grails/plugin/springsecurity/rest/RestOauthController.groovy [127:181]
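/**
 * Exchanges a refresh token for a new access token.
 *
 * Reads {@code grant_type} and {@code refresh_token} from the request params.
 * Responds 400 BAD_REQUEST when grant_type is missing or not {@code refresh_token},
 * or when no refresh token is supplied; 403 FORBIDDEN when the configured
 * tokenGenerator is not an AbstractJwtTokenGenerator, when the token does not parse
 * as a JWT carrying REFRESH_ONLY_CLAIM, or when tokenStorageService cannot resolve
 * it to a principal (or throws).
 *
 * On success the new access token is linked to the presented refresh token, stored,
 * published via authenticationEventPublisher and rendered as JSON with
 * Cache-Control: no-store / Pragma: no-cache.
 *
 * Security note: the refresh token is a long-lived bearer credential and must never
 * be written to the log; only its presence and the outcome of each check are logged.
 */
def accessToken() {
    String grantType = params['grant_type']
    if (!grantType || grantType != 'refresh_token') {
        render status: HttpStatus.BAD_REQUEST, text: "Invalid grant_type"
        return
    }

    String refreshToken = params['refresh_token']
    if (!refreshToken) {
        log.debug "Refresh token is missing. Replying with bad request"
        render status: HttpStatus.BAD_REQUEST, text: "Refresh token is required"
        return
    }
    // Deliberately do not include the token value in the log line.
    log.debug "Trying to generate an access token from a refresh token"

    // only JWT tokens can be refreshed
    if (!AbstractJwtTokenGenerator.isAssignableFrom(tokenGenerator.getClass())) {
        log.debug "Token type does not support refresh tokens"
        render status: HttpStatus.FORBIDDEN
        return
    }

    // Structural check: the token must parse as a JWT and be flagged refresh-only.
    // NOTE(review): whether jwtService.parse also verifies the signature is not visible
    // here; the tokenStorageService lookup below is what ties the token to a stored principal.
    try {
        JWT jwt = jwtService.parse(refreshToken)
        if (!jwt || !jwt.JWTClaimsSet.getBooleanClaim(AbstractJwtTokenGenerator.REFRESH_ONLY_CLAIM)) {
            log.debug "Presented token is not a refresh token"
            render status: HttpStatus.FORBIDDEN
            return
        }
    } catch (e) {
        log.debug("Invalid refresh token", e)
        render status: HttpStatus.FORBIDDEN
        return
    }

    try {
        def user = tokenStorageService.loadUserByToken(refreshToken)
        User principal = user ? user as User : null
        if (!principal) {
            // Never mint an access token without a resolved principal, regardless of how
            // the generator would treat a null subject.
            log.debug "No principal found for refresh token"
            render status: HttpStatus.FORBIDDEN
            return
        }
        log.debug "Principal found for refresh token: ${principal}"

        AccessToken accessToken = (tokenGenerator as AbstractJwtTokenGenerator).generateAccessToken(principal, false)
        accessToken.refreshToken = refreshToken
        tokenStorageService.storeToken(accessToken)
        authenticationEventPublisher.publishTokenCreation(accessToken)

        // Token responses must not be cached by the client or intermediaries (RFC 6749 §5.1).
        response.addHeader 'Cache-Control', 'no-store'
        response.addHeader 'Pragma', 'no-cache'
        render contentType: 'application/json', encoding: 'UTF-8', text: accessTokenJsonRenderer.generateJson(accessToken)
    } catch (e) {
        log.debug("Could not load by refresh token", e)
        render status: HttpStatus.FORBIDDEN
    }
}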