Java源码示例:org.wso2.carbon.identity.oauth2.model.RequestParameter

示例1
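/**
 * Copies the tenant domain supplied as a token-request parameter onto the request DTO and then
 * delegates the actual grant validation to the parent handler.
 *
 * <p>The tenant domain is read from the request exactly as the client sent it and is applied
 * before {@code super.validateGrant} runs.
 * NOTE(review): confirm that the parent handler authenticates the caller against the resulting
 * tenant and that an unknown tenant domain is rejected.
 *
 * @param tokReqMsgCtx the token request message context carrying the request DTO
 * @return the result of the parent handler's grant validation
 * @throws IdentityOAuth2Exception if the parent handler fails to validate the grant
 */
@Override
public boolean validateGrant(OAuthTokenReqMessageContext tokReqMsgCtx) throws IdentityOAuth2Exception {

    RequestParameter[] requestParameters = tokReqMsgCtx.getOauth2AccessTokenReqDTO().getRequestParameters();

    // A request without extra parameters must not fail with a NullPointerException;
    // fall through to the parent validation with the tenant domain left untouched.
    if (requestParameters != null) {
        for (RequestParameter requestParameter : requestParameters) {
            if (!TENANT_DOMAIN_KEY.equals(requestParameter.getKey())) {
                continue;
            }
            String[] values = requestParameter.getValue();
            if (values != null && values.length > 0) {
                // Only the first value is used; if the key is repeated, the last occurrence wins.
                tokReqMsgCtx.getOauth2AccessTokenReqDTO()
                        .setTenantDomain(values[0]);
            }
        }
    }

    return super.validateGrant(tokReqMsgCtx);
}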
 
示例2
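/**
 * Applies a validity period supplied as a token-request parameter to the message context.
 *
 * <p>A request without parameters, or without a usable validity-period value, is authorized
 * unchanged. A validity-period value that is not a valid {@code long} causes the request to be
 * refused instead of surfacing an unchecked {@link NumberFormatException} to the caller.
 *
 * @param tokReqMsgCtx the token request message context to update
 * @return {@code true} when the request is authorized; {@code false} when the supplied
 *         validity period cannot be parsed
 */
@Override
public boolean authorizeAccessDelegation(OAuthTokenReqMessageContext tokReqMsgCtx) {

    RequestParameter[] parameters = tokReqMsgCtx.getOauth2AccessTokenReqDTO().getRequestParameters();

    if (parameters == null) {
        return true;
    }

    for (RequestParameter parameter : parameters) {
        if (!VALIDITY_PERIOD.equals(parameter.getKey())) {
            continue;
        }
        String[] values = parameter.getValue();
        if (values == null || values.length == 0) {
            continue;
        }
        try {
            // NOTE(review): the value is client-supplied and no range check is applied here.
            // Confirm that a server-side maximum is enforced elsewhere and how zero or
            // negative values are interpreted by the token issuer.
            tokReqMsgCtx.setValidityPeriod(Long.parseLong(values[0]));
        } catch (NumberFormatException e) {
            // Malformed input from the request: refuse rather than propagate a runtime exception.
            return false;
        }
    }

    return true;
}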
 
示例3
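/**
 * Validates a grant that carries an existing access token as a request parameter.
 *
 * <p>After the parent handler accepts the request, the token found under
 * {@code TOKEN_GRANT_PARAM} is validated through {@code tokenValidator}. On success the user
 * named in the validation response becomes the authorized user of the request, provided the
 * service provider registered for the client id is a SaaS application or belongs to the same
 * tenant as the user.
 *
 * <p>A missing or empty token, or a missing or invalid validation response, is rejected up
 * front with an {@link IdentityOAuth2Exception}. Without that guard the user name and tenant
 * values stay {@code null} and the tenant comparison below dereferences them.
 *
 * @param tokReqMsgCtx the token request message context
 * @return {@code true} when the token is valid and the tenant check passes; {@code false} when
 *         the parent validation fails, the validator cannot be reached, or a non-SaaS service
 *         provider belongs to a different tenant than the user
 * @throws IdentityOAuth2Exception if no valid token was supplied or the service provider for
 *         the client id cannot be retrieved
 */
@Override
public boolean validateGrant(OAuthTokenReqMessageContext tokReqMsgCtx) throws IdentityOAuth2Exception {
    if (!super.validateGrant(tokReqMsgCtx)) {
        return false;
    }

    OAuth2AccessTokenReqDTO oAuth2AccessTokenReqDTO = tokReqMsgCtx.getOauth2AccessTokenReqDTO();
    String clientId = oAuth2AccessTokenReqDTO.getClientId();

    // Pick up the token from the request parameters; if the key is repeated, the last one wins.
    String accessToken = null;
    RequestParameter[] parameters = oAuth2AccessTokenReqDTO.getRequestParameters();
    if (parameters != null) {
        for (RequestParameter parameter : parameters) {
            if (TOKEN_GRANT_PARAM.equals(parameter.getKey())) {
                String[] values = parameter.getValue();
                if (values != null && values.length > 0) {
                    accessToken = values[0];
                }
            }
        }
    }

    // Fail closed: without a token there is no identity to authorize.
    if (accessToken == null || accessToken.isEmpty()) {
        throw new IdentityOAuth2Exception("Authentication failed: no access token was provided");
    }

    OAuthValidationResponse response;
    try {
        response = tokenValidator.validateToken(accessToken);
    } catch (RemoteException e) {
        // The token value itself is deliberately kept out of the log message.
        log.error("Failed to validate the OAuth token provided.", e);
        return false;
    }
    if (response == null || !response.isValid()) {
        throw new IdentityOAuth2Exception("Authentication failed for the provided access token");
    }

    String username = response.getUserName() + "@" + response.getTenantDomain();
    String userTenantDomain = MultitenantUtils.getTenantDomain(username);
    String spTenantDomain = response.getTenantDomain();

    ServiceProvider serviceProvider;
    try {
        serviceProvider = OAuth2ServiceComponentHolder.getApplicationMgtService()
                .getServiceProviderByClientId(clientId, "oauth2", spTenantDomain);
    } catch (IdentityApplicationManagementException e) {
        throw new IdentityOAuth2Exception("Error occurred while retrieving OAuth2 application data for client id "
                + clientId, e);
    }

    // A non-SaaS application may only be used by users of its own tenant.
    if (!serviceProvider.isSaasApp() && !userTenantDomain.equals(spTenantDomain)) {
        if (log.isDebugEnabled()) {
            log.debug("Non-SaaS service provider tenant domain is not same as user tenant domain; "
                    + spTenantDomain + " != " + userTenantDomain);
        }
        return false;
    }

    String tenantAwareUserName = MultitenantUtils.getTenantAwareUsername(username);
    username = tenantAwareUserName + "@" + userTenantDomain;

    // Prefix the user-store domain from the thread-local when the name does not carry one.
    if (!username.contains("/") && StringUtils.isNotBlank(UserCoreUtil.getDomainFromThreadLocal())) {
        username = UserCoreUtil.getDomainFromThreadLocal() + "/" + username;
    }

    AuthenticatedUser user = OAuth2Util.getUserFromUserName(username);
    user.setAuthenticatedSubjectIdentifier(user.toString());
    tokReqMsgCtx.setAuthorizedUser(user);
    // NOTE(review): the scope is copied from the request as-is; confirm it is restricted to
    // what the validated token was granted somewhere else in the flow.
    tokReqMsgCtx.setScope(oAuth2AccessTokenReqDTO.getScope());
    return true;
}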
 
示例4
/**
 * Returns the request parameters held by this object.
 *
 * <p>The stored array reference is handed out directly, without a copy, so changes made by the
 * caller are visible through this object.
 * NOTE(review): the value is presumably {@code null} when no parameters were set; callers
 * should check before iterating.
 *
 * @return the stored request parameter array
 */
public RequestParameter[] getRequestParameters() {
    return this.requestParameters;
}
 
示例5
/**
 * Stores the given request parameters on this object.
 *
 * <p>The array reference is kept as passed in; no copy is made and no validation is applied.
 *
 * @param requestParameters the request parameter array to store
 */
public void setRequestParameters(RequestParameter[] requestParameters) {
    this.requestParameters = requestParameters;
}