📝 feat: Support to generate custom token

jap-ids/src/main/java/com/fujieid/jap/ids/JapIds.java

@@ -23,10 +23,7 @@
 import com.fujieid.jap.ids.pipeline.IdsFilterPipeline;
 import com.fujieid.jap.ids.pipeline.IdsLogoutPipeline;
 import com.fujieid.jap.ids.pipeline.IdsSignInPipeline;
-import com.fujieid.jap.ids.service.IdsClientDetailService;
-import com.fujieid.jap.ids.service.IdsIdentityService;
-import com.fujieid.jap.ids.service.IdsUserService;
-import com.fujieid.jap.ids.service.IdsUserStoreService;
+import com.fujieid.jap.ids.service.*;
 
 import javax.servlet.http.HttpServletRequest;
 import java.io.Serializable;
@@ -69,6 +66,9 @@ private static void loadService() {
         if (null == context.getUserStoreService()) {
             context.setUserStoreService(JapServiceLoader.loadFirst(IdsUserStoreService.class));
         }
+        if (null == context.getTokenService()) {
+            context.setTokenService(JapServiceLoader.loadFirst(IdsTokenService.class));
+        }
     }
 
     private static void loadPipeline() {

jap-ids/src/main/java/com/fujieid/jap/ids/context/IdsContext.java

@@ -41,7 +41,9 @@ public class IdsContext implements Serializable {
 
     private IdsIdentityService identityService;
 
-    private IdsUserStoreService userStoreService = new IdsUserStoreServiceImpl();
+    private IdsUserStoreService userStoreService;
+
+    private IdsTokenService tokenService;
 
     private IdsConfig idsConfig;
 
@@ -105,6 +107,15 @@ public IdsContext setUserStoreService(IdsUserStoreService userStoreService) {
         return this;
     }
 
+    public IdsTokenService getTokenService() {
+        return tokenService;
+    }
+
+    public IdsContext setTokenService(IdsTokenService tokenService) {
+        this.tokenService = tokenService;
+        return this;
+    }
+
     public IdsPipeline<Object> getFilterPipeline() {
         return filterPipeline;
     }

jap-ids/src/main/java/com/fujieid/jap/ids/service/IdsTokenService.java

@@ -0,0 +1,88 @@
+/*
+ * Copyright (c) 2020-2040, 北京符节科技有限公司 ([email protected] & https://www.fujieid.com).
+ * <p>
+ * Licensed under the GNU LESSER GENERAL PUBLIC LICENSE 3.0;
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * <p>
+ * http://www.gnu.org/licenses/lgpl.html
+ * <p>
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.fujieid.jap.ids.service;
+
+import cn.hutool.crypto.SecureUtil;
+import com.fujieid.jap.ids.model.UserInfo;
+import com.fujieid.jap.ids.util.JwtUtil;
+
+import java.util.Set;
+import java.util.TreeSet;
+
+/**
+ * 创建 Token（包含 access_token 和 refresh_token） 以及校验 access_token 的接口
+ *
+ * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
+ * @version 1.0.0
+ * @since 1.0.0
+ */
+public interface IdsTokenService {
+
+    /**
+     * Create an access token, Use jwt by default.
+     * <p>
+     * Developers can reimplement this method to generate access token in any format.
+     *
+     * @param clientId Client Identifier
+     * @param userinfo User Profile
+     *                 0-     * @param tokenExpireIn Id Token validity (seconds)
+     * @param nonce    Random string
+     * @param issuer   The issuer name. This parameter cannot contain the colon (:) character.
+     * @return String
+     */
+    default String createAccessToken(String clientId, UserInfo userinfo, Long tokenExpireIn, String nonce, String issuer) {
+        return this.createAccessToken(clientId, userinfo, tokenExpireIn, nonce, issuer, null);
+    }
+
+    /**
+     * Create an access token, Use jwt by default.
+     * <p>
+     * Developers can reimplement this method to generate access token in any format.
+     *
+     * @param clientId Client Identifier
+     * @param userinfo User Profile
+     *                 0-     * @param tokenExpireIn Id Token validity (seconds)
+     * @param nonce    Random string
+     * @param issuer   The issuer name. This parameter cannot contain the colon (:) character.
+     * @param scopes   The scope granted by the current access token
+     * @return String
+     */
+    default String createAccessToken(String clientId, UserInfo userinfo, Long tokenExpireIn, String nonce, String issuer, Set<String> scopes) {
+        return JwtUtil.createJwtToken(clientId, userinfo, tokenExpireIn, nonce, scopes, null, issuer);
+    }
+
+    /**
+     * Create a refresh token，default is {@code sha256(client + scope + timestamp) }
+     * <p>
+     * Developers can reimplement this method to generate refresh token in any format.
+     *
+     * @param clientId Client Identifier
+     * @param scopes   The scope granted by the current refresh token
+     * @return String
+     */
+    default String createRefreshToken(String clientId, Set<String> scopes) {
+        scopes = null == scopes || scopes.size() == 0 ? new TreeSet<>() : scopes;
+        return SecureUtil.sha256(clientId.concat(String.join(",", scopes)).concat(System.currentTimeMillis() + ""));
+    }
+
+    /**
+     * Check the availability of access token
+     *
+     * @param accessToken access_token
+     * @return bool
+     */
+    boolean verifyAccessToken(String accessToken);
+}

jap-ids/src/main/java/com/fujieid/jap/ids/util/TokenUtil.java

@@ -16,13 +16,14 @@
 package com.fujieid.jap.ids.util;
 
 import cn.hutool.core.util.ObjectUtil;
-import cn.hutool.crypto.SecureUtil;
 import com.fujieid.jap.core.util.RequestUtil;
 import com.fujieid.jap.ids.JapIds;
+import com.fujieid.jap.ids.exception.IdsTokenException;
 import com.fujieid.jap.ids.exception.InvalidTokenException;
 import com.fujieid.jap.ids.model.*;
 import com.fujieid.jap.ids.model.enums.ErrorResponse;
 import com.fujieid.jap.ids.model.enums.TokenAuthMethod;
+import com.fujieid.jap.ids.service.IdsTokenService;
 import com.xkcoding.json.util.StringUtil;
 
 import javax.servlet.http.HttpServletRequest;
@@ -111,8 +112,12 @@ public static AccessToken createAccessToken(UserInfo user, ClientDetail clientDe
         long accessTokenExpiresIn = OauthUtil.getAccessTokenExpiresIn(clientDetail.getAccessTokenExpiresIn());
         long refreshTokenExpiresIn = OauthUtil.getRefreshTokenExpiresIn(clientDetail.getRefreshTokenExpiresIn());
 
-        String accessTokenStr = JwtUtil.createJwtToken(clientId, user, accessTokenExpiresIn, nonce, issuer);
-        String refreshTokenStr = SecureUtil.sha256(clientId.concat(scope).concat(System.currentTimeMillis() + ""));
+        IdsTokenService tokenService = JapIds.getContext().getTokenService();
+        if (null == tokenService) {
+            throw new IdsTokenException("com.fujieid.jap.ids.service.IdsTokenService has not been injected");
+        }
+        String accessTokenStr = tokenService.createAccessToken(clientId, user, accessTokenExpiresIn, nonce, issuer, null);
+        String refreshTokenStr = tokenService.createRefreshToken(clientId, OauthUtil.convertStrToList(scope));
 
         AccessToken accessToken = new AccessToken();
         accessToken.setAccessToken(accessTokenStr);
@@ -141,7 +146,12 @@ public static AccessToken createAccessToken(UserInfo user, ClientDetail clientDe
     public static AccessToken refreshAccessToken(UserInfo user, ClientDetail clientDetail, AccessToken accessToken, String nonce, String issuer) {
         String rawToken = accessToken.getAccessToken();
         Long accessTokenExpiresIn = OauthUtil.getAccessTokenExpiresIn(clientDetail.getAccessTokenExpiresIn());
-        String accessTokenStr = JwtUtil.createJwtToken(clientDetail.getClientId(), user, accessTokenExpiresIn, nonce, issuer);
+
+        IdsTokenService tokenService = JapIds.getContext().getTokenService();
+        if (null == tokenService) {
+            throw new IdsTokenException("com.fujieid.jap.ids.service.IdsTokenService has not been injected");
+        }
+        String accessTokenStr = tokenService.createAccessToken(clientDetail.getClientId(), user, accessTokenExpiresIn, nonce, issuer, null);
         accessToken.setAccessToken(accessTokenStr);
         accessToken.setAccessTokenExpiresIn(accessTokenExpiresIn);