diff --git a/components/identity-extensions/backend-oauth-authenticator/pom.xml b/components/identity-extensions/backend-oauth-authenticator/pom.xml
new file mode 100644
index 0000000000..fdf8334f83
--- /dev/null
+++ b/components/identity-extensions/backend-oauth-authenticator/pom.xml
@@ -0,0 +1,124 @@
+
+
+
+
+ identity-extensions
+ org.wso2.carbon.devicemgt
+ 0.9.2-SNAPSHOT
+
+ 4.0.0
+ bundle
+ WSO2 Carbon - OAuth Back End Authenticator
+ org.wso2.carbon.identity.authenticator.backend.oauth
+
+
+
+ org.wso2.carbon
+ org.wso2.carbon.utils
+
+
+ org.wso2.carbon.identity
+ org.wso2.carbon.identity.base
+
+
+ org.wso2.carbon.identity
+ org.wso2.carbon.identity.core
+
+
+ org.wso2.carbon
+ org.wso2.carbon.core
+
+
+ org.wso2.carbon
+ org.wso2.carbon.logging
+
+
+ org.wso2.carbon.identity
+ org.wso2.carbon.identity.application.authentication.framework
+
+
+ org.wso2.carbon
+ org.wso2.carbon.core.services
+
+
+ org.wso2.carbon.identity
+ org.wso2.carbon.identity.oauth
+
+
+ org.wso2.carbon.identity
+ org.wso2.carbon.identity.application.common
+
+
+ org.wso2.carbon.identity
+ org.wso2.carbon.identity.oauth.stub
+
+
+
+
+
+
+ org.apache.felix
+ maven-scr-plugin
+
+
+ org.apache.felix
+ maven-bundle-plugin
+ 1.4.0
+ true
+
+
+ ${pom.artifactId}
+ ${pom.artifactId}
+
+ org.wso2.sample.authenticator.internal
+
+
+ !org.wso2.sample.authenticator.internal,
+ org.wso2.sample.authenticator.*,
+
+
+ javax.servlet.http,
+ org.apache.commons.logging,
+ org.wso2.carbon.identity.application.authentication.framework.*,
+ org.wso2.carbon.identity.oauth2,
+ org.wso2.carbon.identity.oauth2.dto,
+ org.wso2.carbon.user.core.service,
+ org.wso2.carbon.utils.multitenancy,
+ org.apache.axis2.client,
+ org.apache.axis2.context,
+ org.apache.axis2.transport.http,
+ org.apache.commons.httpclient,
+ org.osgi.framework,
+ org.osgi.service.component,
+ org.wso2.carbon.core.security,
+ org.wso2.carbon.core.services.authentication,
+ org.wso2.carbon.identity.oauth2.stub,
+ org.wso2.carbon.identity.oauth2.stub.dto
+
+
+ org.wso2.carbon.identity.authenticator.backend.oauth.*;
+
+
+
+
+
+
+
\ No newline at end of file
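Review bot: The bundle-plugin instruction values in this new pom name `org.wso2.sample.authenticator.internal` and `!org.wso2.sample.authenticator.internal, org.wso2.sample.authenticator.*`, but every class added by this commit lives under `org.wso2.carbon.identity.authenticator.backend.oauth`. The element names are not visible in this view, so this is inferred: they look like private/export package patterns left over from a sample. If so, they match none of the new classes and should read `org.wso2.carbon.identity.authenticator.backend.oauth.internal` and `!org.wso2.carbon.identity.authenticator.backend.oauth.internal, org.wso2.carbon.identity.authenticator.backend.oauth.*`. It is worth confirming that the built bundle actually contains the authenticator and its service component.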
diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/AuthenticatorException.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/AuthenticatorException.java
new file mode 100755
index 0000000000..42eafd7888
--- /dev/null
+++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/AuthenticatorException.java
@@ -0,0 +1,41 @@
+/*
+* Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+*
+* WSO2 Inc. licenses this file to you under the Apache License,
+* Version 2.0 (the "License"); you may not use this file except
+* in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+package org.wso2.carbon.identity.authenticator.backend.oauth;
+
+/**
+ * Custom exception for backend OAuth authentication
+ */
+@SuppressWarnings("unused")
+public class AuthenticatorException extends Exception {
+
+ private static final long serialVersionUID = 1L;
+
+ public AuthenticatorException(String message) {
+ super(message);
+ }
+
+ public AuthenticatorException(Throwable e) {
+ super(e);
+ }
+
+ public AuthenticatorException(String message, Throwable e) {
+ super(message, e);
+ }
+
+
+}
diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/OauthAuthenticator.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/OauthAuthenticator.java
new file mode 100755
index 0000000000..beaf5c70b0
--- /dev/null
+++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/OauthAuthenticator.java
@@ -0,0 +1,161 @@
+/*
+ * Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.wso2.carbon.identity.authenticator.backend.oauth;
+
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.transport.http.HTTPConstants;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.base.MultitenantConstants;
+import org.wso2.carbon.core.security.AuthenticatorsConfiguration;
+import org.wso2.carbon.core.services.authentication.CarbonServerAuthenticator;
+import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuthValidationResponse;
+import org.wso2.carbon.utils.ServerConstants;
+import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuth2TokenValidator;
+import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuthValidatorFactory;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+import java.rmi.RemoteException;
+
+/**
+ * This is a custom back end authenticator for enable OAuth token authentication for admin services
+ */
+public class OauthAuthenticator implements CarbonServerAuthenticator {
+
+ private static final Log log = LogFactory.getLog(OauthAuthenticator.class);
+ private static final int PRIORITY = 5;
+ private static final int ACCESS_TOKEN_INDEX = 1;
+ private OAuth2TokenValidator tokenValidator;
+
+ public OauthAuthenticator() {
+ AuthenticatorsConfiguration authenticatorsConfiguration = AuthenticatorsConfiguration.getInstance();
+ AuthenticatorsConfiguration.AuthenticatorConfig authenticatorConfig = authenticatorsConfiguration.
+ getAuthenticatorConfig(OauthAuthenticatorConstants.AUTHENTICATOR_NAME);
+ boolean isRemote;
+ String hostUrl;
+ if (authenticatorConfig != null) {
+ isRemote = Boolean.parseBoolean(authenticatorConfig.getParameters().get("isRemote"));
+ hostUrl = authenticatorConfig.getParameters().get("hostURL");
+ }else{
+ throw new IllegalArgumentException("Configuration parameters need to be defined in Authenticators.xml");
+ }
+ try {
+ tokenValidator = OAuthValidatorFactory.getValidator(isRemote, hostUrl);
+ } catch (IllegalArgumentException e) {
+ log.error("Failed to initialise Authenticator",e);
+ }
+ }
+
+ /**
+ * Checks whether the authentication of the context can be handled using this authenticator.
+ *
+ * @param messageContext containing the request need to be authenticated.
+ * @return boolean indicating whether the request can be authenticated by this Authenticator.
+ */
+ public boolean isHandle(MessageContext messageContext) {
+ HttpServletRequest httpServletRequest = getHttpRequest(messageContext);
+ String headerValue = httpServletRequest.getHeader(HTTPConstants.HEADER_AUTHORIZATION);
+ if (headerValue != null && !headerValue.trim().isEmpty()) {
+ String[] headerPart = headerValue.trim().split(OauthAuthenticatorConstants.SPLITING_CHARACTOR);
+ if (OauthAuthenticatorConstants.AUTHORIZATION_HEADER_PREFIX_BEARER.equals(headerPart[0])) {
+ return true;
+ }
+ } else if (httpServletRequest.getParameter(OauthAuthenticatorConstants.BEARER_TOKEN_IDENTIFIER) != null) {
+ return true;
+ }
+ return false;
+ }
+
+ /**
+ * Authenticates the user using the provided OAuth token and returns the status as a boolean.
+ * Sets the tenant domain and tenant friendly username to the session as attributes.
+ *
+ * @param messageContext containing the request need to be authenticated.
+ * @return boolean indicating the authentication status.
+ */
+ public boolean isAuthenticated(MessageContext messageContext) {
+ HttpServletRequest httpServletRequest = getHttpRequest(messageContext);
+ String headerValue = httpServletRequest.getHeader(HTTPConstants.HEADER_AUTHORIZATION);
+ String[] headerPart = headerValue.trim().split(OauthAuthenticatorConstants.SPLITING_CHARACTOR);
+ String accessToken = headerPart[ACCESS_TOKEN_INDEX];
+ OAuthValidationResponse response = null;
+ try {
+ response = tokenValidator.validateToken(accessToken);
+ } catch (RemoteException e) {
+ log.error("Failed to validate the OAuth token provided.", e);
+ }
+ if (response != null && response.isValid()) {
+ HttpSession session;
+ if ((session = httpServletRequest.getSession(false)) != null) {
+ session.setAttribute(MultitenantConstants.TENANT_DOMAIN, response.getTenantDomain());
+ session.setAttribute(ServerConstants.USER_LOGGED_IN, response.getUserName());
+ if (log.isDebugEnabled()) {
+ log.debug("Authentication successful for " + session.getAttribute(ServerConstants.USER_LOGGED_IN));
+ }
+ }
+ return true;
+ }
+ if (log.isDebugEnabled()) {
+ log.debug("Authentication failed.Illegal attempt from session " + httpServletRequest.getSession().getId());
+ }
+ return false;
+ }
+
+ /**
+ * this method is currently not implemented.
+ *
+ * @param messageContext containing the request need to be authenticated.
+ * @return boolean
+ */
+ public boolean authenticateWithRememberMe(MessageContext messageContext) {
+ throw new UnsupportedOperationException();
+ }
+
+ /**
+ * @return string Authenticator name.
+ */
+ public String getAuthenticatorName() {
+ return OauthAuthenticatorConstants.AUTHENTICATOR_NAME;
+ }
+
+ /**
+ * @return int priority of the authenticator.
+ */
+ public int getPriority() {
+ return PRIORITY;
+ }
+
+ /**
+ * @return boolean true for enable or otherwise for disable status.
+ */
+ public boolean isDisabled() {
+ return false;
+ }
+
+ /**
+ * Retrieve HTTP Servlet Request form thr Message Context.
+ *
+ * @param messageContext Containing the Servlet Request for backend authentication.
+ * @return HTTPServletRequest.
+ */
+ private HttpServletRequest getHttpRequest(MessageContext messageContext) {
+ return (HttpServletRequest) messageContext.getProperty(HTTPConstants.MC_HTTP_SERVLETREQUEST);
+ }
+
+}
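Review bot: `isAuthenticated` dereferences the Authorization header unconditionally, although `isHandle` also accepts a request that carries only the `token` parameter; such a request reaches `headerValue.trim()` with a null header, and a header of just `Bearer` reaches `headerPart[ACCESS_TOKEN_INDEX]` with a one-element array. Both are unauthenticated inputs that end in an unchecked exception on the login path instead of a clean rejection. The constructor has a related gap: it logs and swallows the `IllegalArgumentException` from `getValidator`, leaving `tokenValidator` null for the later `validateToken` call. The excerpt below extracts the token the way `isHandle` decides and returns false when no token or no validator is available; if the query-parameter form is not meant to be supported, remove that branch from `isHandle` instead. Separately, the failure-path debug line calls `getSession()`, which creates a session for a rejected request; `getSession(false)` avoids that.

```java
public boolean isAuthenticated(MessageContext messageContext) {
    HttpServletRequest httpServletRequest = getHttpRequest(messageContext);
    String accessToken = null;
    String headerValue = httpServletRequest.getHeader(HTTPConstants.HEADER_AUTHORIZATION);
    if (headerValue != null && !headerValue.trim().isEmpty()) {
        String[] headerPart = headerValue.trim().split(OauthAuthenticatorConstants.SPLITING_CHARACTOR);
        // Require both the "Bearer" prefix and a token part before indexing.
        if (headerPart.length > ACCESS_TOKEN_INDEX
                && OauthAuthenticatorConstants.AUTHORIZATION_HEADER_PREFIX_BEARER.equals(headerPart[0])) {
            accessToken = headerPart[ACCESS_TOKEN_INDEX];
        }
    } else {
        // Mirrors the second branch of isHandle.
        accessToken = httpServletRequest.getParameter(OauthAuthenticatorConstants.BEARER_TOKEN_IDENTIFIER);
    }
    if (accessToken == null || accessToken.isEmpty() || tokenValidator == null) {
        // Fail closed: no usable token, or the validator was never initialised.
        return false;
    }
    // … unchanged: validateToken call, session attributes, debug logging …
```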
diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/OauthAuthenticatorConstants.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/OauthAuthenticatorConstants.java
new file mode 100755
index 0000000000..badaf8dbed
--- /dev/null
+++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/OauthAuthenticatorConstants.java
@@ -0,0 +1,28 @@
+/*
+* Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+*
+* WSO2 Inc. licenses this file to you under the Apache License,
+* Version 2.0 (the "License"); you may not use this file except
+* in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+package org.wso2.carbon.identity.authenticator.backend.oauth;
+
+public class OauthAuthenticatorConstants {
+ public static final String AUTHORIZATION_HEADER_PREFIX_BEARER = "Bearer";
+ public static final String BEARER_TOKEN_TYPE = "bearer";
+ public static final String BEARER_TOKEN_IDENTIFIER = "token";
+ public static final String AUTHENTICATOR_NAME = "BackEndOAuthAuthenticator";
+ public static final String SPLITING_CHARACTOR = " ";
+ public static String OAUTH_ENDPOINT_POSTFIX =
+ "/services/OAuth2TokenValidationService.OAuth2TokenValidationServiceHttpsSoap12Endpoint/";
+}
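Review bot: `OAUTH_ENDPOINT_POSTFIX` is declared `public static` without `final`, unlike the other constants in this class, so any code that can see the class can reassign the path that `OAuthValidatorFactory.getValidator` appends to the token-validation URL. Declare it `public static final String OAUTH_ENDPOINT_POSTFIX = ...`. A private constructor (`private OauthAuthenticatorConstants() { }`) would also stop the constants holder from being instantiated.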
diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/internal/OauthAuthenticatorServiceComponent.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/internal/OauthAuthenticatorServiceComponent.java
new file mode 100755
index 0000000000..59577ac633
--- /dev/null
+++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/internal/OauthAuthenticatorServiceComponent.java
@@ -0,0 +1,56 @@
+/*
+* Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+*
+* WSO2 Inc. licenses this file to you under the Apache License,
+* Version 2.0 (the "License"); you may not use this file except
+* in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+
+package org.wso2.carbon.identity.authenticator.backend.oauth.internal;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.osgi.service.component.ComponentContext;
+import org.wso2.carbon.core.services.authentication.CarbonServerAuthenticator;
+import org.wso2.carbon.identity.authenticator.backend.oauth.OauthAuthenticator;
+
+
+/**
+ * @scr.component component.name="org.wso2.carbon.identity.authenticator.backend.oauth.OauthAuthenticator" immediate="true"
+ */
+@SuppressWarnings("unused")
+public class OauthAuthenticatorServiceComponent {
+
+ private static final Log log = LogFactory.getLog(OauthAuthenticatorServiceComponent
+ .class);
+
+ protected void activate(ComponentContext ctxt) {
+ try {
+ OauthAuthenticator oauthAuthenticator = new OauthAuthenticator();
+ ctxt.getBundleContext().registerService(CarbonServerAuthenticator.class.getName(),
+ oauthAuthenticator, null);
+ if (log.isDebugEnabled()) {
+ log.debug("OAuth Authenticator bundle is activated");
+ }
+ } catch (Throwable e) {
+ log.fatal(" Error while activating OAuth authenticator ", e);
+ }
+ }
+
+ protected void deactivate(ComponentContext ctxt) {
+ if (log.isDebugEnabled()) {
+ log.debug("OAuth Authenticator bundle is deactivated");
+ }
+ }
+
+}
diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuth2TokenValidator.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuth2TokenValidator.java
new file mode 100755
index 0000000000..c0c5c8662a
--- /dev/null
+++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuth2TokenValidator.java
@@ -0,0 +1,34 @@
+/*
+* Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+*
+* WSO2 Inc. licenses this file to you under the Apache License,
+* Version 2.0 (the "License"); you may not use this file except
+* in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+package org.wso2.carbon.identity.authenticator.backend.oauth.validator;
+
+import java.rmi.RemoteException;
+
+/**
+ * Interface for the OAuth@TokenValidators
+ */
+public interface OAuth2TokenValidator {
+ /**
+ * This method gets a string accessToken and validates it and generate the OAuth2ClientApplicationDTO
+ * containing the validity and user details if valid.
+ *
+ * @param accessToken which need to be validated.
+ * @return OAuthValidationResponse with the validated results.
+ */
+ OAuthValidationResponse validateToken(String accessToken) throws RemoteException;
+}
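Review bot: The Javadoc on `validateToken` says the method generates an `OAuth2ClientApplicationDTO`, but the declared return type is `OAuthValidationResponse`, and the `RemoteException` in the signature is undocumented. Suggested wording: `Validates the given access token and returns the outcome; user name and tenant domain are set only when the token is valid.` plus `@throws RemoteException when the remote validation call fails`. The interface comment also reads `OAuth@TokenValidators`, presumably a typo for `OAuth2TokenValidator` implementations. The same method comment is copied into `ExternalOAuthValidator` and `LocalOAuthValidator`.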
diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuthValidationResponse.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuthValidationResponse.java
new file mode 100755
index 0000000000..b794a22424
--- /dev/null
+++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuthValidationResponse.java
@@ -0,0 +1,58 @@
+/*
+* Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+*
+* WSO2 Inc. licenses this file to you under the Apache License,
+* Version 2.0 (the "License"); you may not use this file except
+* in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+package org.wso2.carbon.identity.authenticator.backend.oauth.validator;
+
+/**
+ * This class hold the validation information which can be retrieve by both remote and in house IDPs
+ */
+@SuppressWarnings("unused")
+public class OAuthValidationResponse {
+ private String userName;
+ private String tenantDomain;
+ private boolean isValid;
+
+ public OAuthValidationResponse(String userName, String tenantDomain, boolean isValid) {
+ this.userName = userName;
+ this.tenantDomain = tenantDomain;
+ this.isValid = isValid;
+ }
+
+ public String getUserName() {
+ return userName;
+ }
+
+ public void setUserName(String userName) {
+ this.userName = userName;
+ }
+
+ public String getTenantDomain() {
+ return tenantDomain;
+ }
+
+ public void setTenantDomain(String tenantDomain) {
+ this.tenantDomain = tenantDomain;
+ }
+
+ public boolean isValid() {
+ return isValid;
+ }
+
+ public void setIsValid(boolean isValid) {
+ this.isValid = isValid;
+ }
+}
\ No newline at end of file
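Review bot: `OAuthValidationResponse` carries the authentication decision, yet all three fields are mutable through public setters, so a result can be flipped to valid or given another user name after the validator has returned it. No code in this commit calls the setters; making the fields `private final` and dropping `setUserName`, `setTenantDomain` and `setIsValid` keeps the result fixed once constructed. The class-level `@SuppressWarnings("unused")` would then no longer be needed.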
diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuthValidatorFactory.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuthValidatorFactory.java
new file mode 100755
index 0000000000..bb88d98f7e
--- /dev/null
+++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuthValidatorFactory.java
@@ -0,0 +1,46 @@
+/*
+* Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+*
+* WSO2 Inc. licenses this file to you under the Apache License,
+* Version 2.0 (the "License"); you may not use this file except
+* in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+package org.wso2.carbon.identity.authenticator.backend.oauth.validator;
+
+import org.wso2.carbon.identity.authenticator.backend.oauth.AuthenticatorException;
+import org.wso2.carbon.identity.authenticator.backend.oauth.OauthAuthenticatorConstants;
+import org.wso2.carbon.identity.authenticator.backend.oauth.validator.impl.ExternalOAuthValidator;
+import org.wso2.carbon.identity.authenticator.backend.oauth.validator.impl.LocalOAuthValidator;
+
+/**
+ * The class validate the configurations and provide the most suitable implementation according to the configuration.
+ * Factory class for OAuthValidator.
+ */
+public class OAuthValidatorFactory {
+
+ /**
+ * The method check the configuration and provide the appropriate implementation for OAuth2TokenValidator
+ * @return OAuth2TokenValidator
+ */
+ public static OAuth2TokenValidator getValidator(boolean isRemote, String hostURL) throws IllegalArgumentException {
+ if (isRemote) {
+ if (!(hostURL == null || hostURL.trim().isEmpty())) {
+ hostURL = hostURL + OauthAuthenticatorConstants.OAUTH_ENDPOINT_POSTFIX;
+ return new ExternalOAuthValidator(hostURL);
+ } else {
+ throw new IllegalArgumentException("Remote server name and ip both can't be empty");
+ }
+ }
+ return new LocalOAuthValidator();
+ }
+}
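Review bot: `getValidator` checks `hostURL` only for emptiness, although the bearer token of every request is later sent to that URL; nothing requires the `https` scheme, so a misconfigured value would carry tokens in clear text. Consider normalising and checking it first: `hostURL = hostURL.trim();` followed by `if (!hostURL.regionMatches(true, 0, "https://", 0, 8)) { throw new IllegalArgumentException("hostURL must be an https URL"); }`. As written, the emptiness test trims but the untrimmed value is concatenated, and a trailing slash in the configured value yields a double slash before `/services/...`. The import of `AuthenticatorException` is unused, and the message `Remote server name and ip both can't be empty` does not match the single `hostURL` parameter.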
diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/ExternalOAuthValidator.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/ExternalOAuthValidator.java
new file mode 100755
index 0000000000..8d8a101537
--- /dev/null
+++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/ExternalOAuthValidator.java
@@ -0,0 +1,85 @@
+/*
+* Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+*
+* WSO2 Inc. licenses this file to you under the Apache License,
+* Version 2.0 (the "License"); you may not use this file except
+* in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+package org.wso2.carbon.identity.authenticator.backend.oauth.validator.impl;
+
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.transport.http.HTTPConstants;
+import org.apache.commons.httpclient.Header;
+import org.wso2.carbon.identity.authenticator.backend.oauth.OauthAuthenticatorConstants;
+import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuth2TokenValidator;
+import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuthValidationResponse;
+import org.wso2.carbon.identity.oauth2.stub.OAuth2TokenValidationServiceStub;
+import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationRequestDTO;
+import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationRequestDTO_OAuth2AccessToken;
+import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationResponseDTO;
+import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
+
+import java.rmi.RemoteException;
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * Handles the Authentication form external IDP servers.
+ * Currently only supports WSO@ IS
+ */
+public class ExternalOAuthValidator implements OAuth2TokenValidator{
+ protected String hostURL ;
+
+ public ExternalOAuthValidator(String hostURL) {
+ this.hostURL = hostURL;
+ }
+ /**
+ * This method gets a string accessToken and validates it and generate the OAuth2ClientApplicationDTO
+ * containing the validity and user details if valid.
+ *
+ * @param token which need to be validated.
+ * @return OAuthValidationResponse with the validated results.
+ */
+ public OAuthValidationResponse validateToken(String token) throws RemoteException {
+ OAuth2TokenValidationRequestDTO validationRequest = new OAuth2TokenValidationRequestDTO();
+ OAuth2TokenValidationRequestDTO_OAuth2AccessToken accessToken =
+ new OAuth2TokenValidationRequestDTO_OAuth2AccessToken();
+ accessToken.setTokenType(OauthAuthenticatorConstants.BEARER_TOKEN_TYPE);
+ accessToken.setIdentifier(token);
+ validationRequest.setAccessToken(accessToken);
+ OAuth2TokenValidationServiceStub tokenValidationService =
+ new OAuth2TokenValidationServiceStub(hostURL);
+ ServiceClient client = tokenValidationService._getServiceClient();
+ Options options = client.getOptions();
+ List headerList = new ArrayList<>();
+ Header header = new Header();
+ header.setName(HTTPConstants.HEADER_AUTHORIZATION);
+ header.setValue(OauthAuthenticatorConstants.AUTHORIZATION_HEADER_PREFIX_BEARER+ " " + token);
+ headerList.add(header);
+ options.setProperty(org.apache.axis2.transport.http.HTTPConstants.HTTP_HEADERS, headerList);
+ client.setOptions(options);
+ OAuth2TokenValidationResponseDTO tokenValidationResponse = tokenValidationService.
+ findOAuthConsumerIfTokenIsValid(validationRequest).getAccessTokenValidationResponse();
+ boolean isValid = tokenValidationResponse.getValid();
+ String userName = null;
+ String tenantDomain = null;
+ if(isValid){
+ userName = MultitenantUtils.getTenantAwareUsername(
+ tokenValidationResponse.getAuthorizedUser());
+ tenantDomain = MultitenantUtils.
+ getTenantDomain(tokenValidationResponse.getAuthorizedUser());
+ }
+ return new OAuthValidationResponse(userName,tenantDomain,isValid);
+ }
+}
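Review bot: `validateToken` builds a new `OAuth2TokenValidationServiceStub` and `ServiceClient` for every request and never releases them, so under load the authenticator can keep HTTP connections and per-client Axis2 state alive; on a path that is reachable before login, that is a denial-of-service concern. Wrap the remote call in try/finally and clean the client up, as in the excerpt below. No timeout is set on `options` either, so a slow validation endpoint stalls the calling thread for the transport default; `options.setTimeOutInMilliSeconds(...)` would bound it. `headerList` appears as a raw `List` in this view; if that is how the file declares it, use `List<Header>`.

```java
// … unchanged: request DTO, stub, Authorization header and options setup …
OAuth2TokenValidationResponseDTO tokenValidationResponse;
try {
    tokenValidationResponse = tokenValidationService.
            findOAuthConsumerIfTokenIsValid(validationRequest).getAccessTokenValidationResponse();
} finally {
    // Release the connection and the per-request Axis2 state held by this client.
    client.cleanupTransport();
    client.cleanup();
}
// … unchanged: isValid / userName / tenantDomain extraction and return …
```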
diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/LocalOAuthValidator.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/LocalOAuthValidator.java
new file mode 100755
index 0000000000..2deb2b3b36
--- /dev/null
+++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/LocalOAuthValidator.java
@@ -0,0 +1,60 @@
+/*
+* Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+*
+* WSO2 Inc. licenses this file to you under the Apache License,
+* Version 2.0 (the "License"); you may not use this file except
+* in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+package org.wso2.carbon.identity.authenticator.backend.oauth.validator.impl;
+
+import org.wso2.carbon.identity.authenticator.backend.oauth.OauthAuthenticatorConstants;
+import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuth2TokenValidator;
+import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuthValidationResponse;
+import org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService;
+import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationRequestDTO;
+import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationResponseDTO;
+import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
+
+/**
+ * Handles the authentication using the inbuilt IS features.
+ */
+public class LocalOAuthValidator implements OAuth2TokenValidator {
+ /**
+ * This method gets a string accessToken and validates it and generate the OAuth2ClientApplicationDTO
+ * containing the validity and user details if valid.
+ *
+ * @param token which need to be validated.
+ * @return OAuthValidationResponse with the validated results.
+ */
+ public OAuthValidationResponse validateToken(String token) {
+ OAuth2TokenValidationRequestDTO validationRequest = new OAuth2TokenValidationRequestDTO();
+ OAuth2TokenValidationRequestDTO.OAuth2AccessToken accessToken =
+ validationRequest.new OAuth2AccessToken();
+ accessToken.setTokenType(OauthAuthenticatorConstants.BEARER_TOKEN_TYPE);
+ accessToken.setIdentifier(token);
+ validationRequest.setAccessToken(accessToken);
+ OAuth2TokenValidationService validationService = new OAuth2TokenValidationService();
+ OAuth2TokenValidationResponseDTO tokenValidationResponse = validationService.
+ findOAuthConsumerIfTokenIsValid(validationRequest).getAccessTokenValidationResponse();
+ boolean isValid = tokenValidationResponse.isValid();
+ String userName = null;
+ String tenantDomain = null;
+ if(isValid){
+ userName = MultitenantUtils.getTenantAwareUsername(
+ tokenValidationResponse.getAuthorizedUser());
+ tenantDomain =
+ MultitenantUtils.getTenantDomain(tokenValidationResponse.getAuthorizedUser());
+ }
+ return new OAuthValidationResponse(userName,tenantDomain,isValid);
+ }
+}
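Review bot: `validateToken` treats `isValid()` as the whole decision: it does not check that `getAuthorizedUser()` is non-empty, and no scope or audience of the token is looked at, so any token the identity server considers valid is turned into an admin-service login by `OauthAuthenticator.isAuthenticated`. At minimum guard the user value, e.g. `String authorizedUser = tokenValidationResponse.getAuthorizedUser();` and `boolean isValid = tokenValidationResponse.isValid() && authorizedUser != null && !authorizedUser.isEmpty();`. Whether a required scope should also be enforced here depends on how tokens are issued in the deployment and should be decided explicitly. The same extraction block is duplicated in `ExternalOAuthValidator.validateToken`; a shared helper would keep the two checks from drifting apart.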
diff --git a/components/identity-extensions/pom.xml b/components/identity-extensions/pom.xml
index 78a24d9adb..8dbb24619d 100644
--- a/components/identity-extensions/pom.xml
+++ b/components/identity-extensions/pom.xml
@@ -37,6 +37,7 @@
org.wso2.carbon.device.mgt.oauth.extensions
dynamic-client-registration
+ backend-oauth-authenticator
diff --git a/pom.xml b/pom.xml
index d3b520e7bb..12b522c5bb 100644
--- a/pom.xml
+++ b/pom.xml
@@ -942,6 +942,21 @@
org.wso2.carbon.identity.oauth.stub
${carbon.identity.version}
+
+ org.wso2.carbon.identity
+ org.wso2.carbon.identity.application.authentication.framework
+ ${carbon.identity.version}
+
+
+ org.wso2.carbon.identity
+ org.wso2.carbon.identity.oauth
+ ${carbon.identity.version}
+
+
+ org.wso2.carbon.identity
+ org.wso2.carbon.identity.application.common
+ ${carbon.identity.version}
+
@@ -1127,11 +1142,6 @@
-
- org.wso2.carbon.identity
- org.wso2.carbon.identity.oauth
- ${carbon.identity.version}
-
org.wso2.carbon.identity
org.wso2.carbon.identity.sso.saml