diff --git a/components/identity-extensions/backend-oauth-authenticator/pom.xml b/components/identity-extensions/backend-oauth-authenticator/pom.xml
new file mode 100644
index 0000000000..ac4bc382e5
--- /dev/null
+++ b/components/identity-extensions/backend-oauth-authenticator/pom.xml
@@ -0,0 +1,108 @@
+
+
+
+ identity-extensions
+ org.wso2.carbon.devicemgt
+ 0.9.2-SNAPSHOT
+
+ 4.0.0
+ bundle
+ WSO2 Carbon - OAuth Back End Authenticator
+ org.wso2.carbon.identity.authenticator.backend.oauth
+
+
+
+ org.wso2.carbon
+ org.wso2.carbon.utils
+ ${carbon.kernel.version}
+
+
+ org.wso2.carbon.identity
+ org.wso2.carbon.identity.base
+ ${carbon.identity.version}
+
+
+ org.wso2.carbon.identity
+ org.wso2.carbon.identity.core
+ ${carbon.identity.version}
+
+
+ org.wso2.carbon
+ org.wso2.carbon.core
+ ${carbon.kernel.version}
+
+
+ org.wso2.carbon
+ org.wso2.carbon.logging
+ ${carbon.kernel.version}
+
+
+ org.wso2.carbon.identity
+ org.wso2.carbon.identity.application.authentication.framework
+ ${carbon.identity.version}
+
+
+ org.wso2.carbon
+ org.wso2.carbon.core.services
+ ${carbon.kernel.version}
+
+
+ org.wso2.carbon.identity
+ org.wso2.carbon.identity.oauth
+ ${carbon.identity.version}
+
+
+ org.wso2.carbon.identity
+ org.wso2.carbon.identity.application.common
+ ${carbon.identity.version}
+
+
+ org.wso2.carbon.identity
+ org.wso2.carbon.identity.oauth.stub
+
+
+
+
+
+
+ org.apache.felix
+ maven-scr-plugin
+
+
+ org.apache.felix
+ maven-bundle-plugin
+ 1.4.0
+ true
+
+
+ ${pom.artifactId}
+ ${pom.artifactId}
+
+ org.wso2.sample.authenticator.internal
+
+
+ !org.wso2.sample.authenticator.internal,
+ org.wso2.sample.authenticator.*,
+
+
+ javax.servlet.http,
+ org.apache.commons.logging,
+ org.wso2.carbon.identity.application.authentication.framework.*,
+ org.wso2.carbon.identity.oauth2,
+ org.wso2.carbon.identity.oauth2.dto,
+ org.wso2.carbon.user.core.service,
+ org.wso2.carbon.utils.multitenancy
+
+
+ org.wso2.carbon.identity.authenticator.backend.oauth.*;
+
+ *
+
+
+
+
+
+
+
\ No newline at end of file
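Review bot: The bundle instructions that carry `org.wso2.sample.authenticator.internal` and `!org.wso2.sample.authenticator.internal, org.wso2.sample.authenticator.*` name a package that no Java source in this commit uses; the classes live under `org.wso2.carbon.identity.authenticator.backend.oauth`. The XML element names are not visible in this rendering, so which instruction each value belongs to is inferred. If these are the private and export package lists, the `...backend.oauth.internal` package holding the service component is not kept private, and the later `org.wso2.carbon.identity.authenticator.backend.oauth.*;` pattern would cover it. I would replace the sample names with `org.wso2.carbon.identity.authenticator.backend.oauth.internal` and `!org.wso2.carbon.identity.authenticator.backend.oauth.internal, org.wso2.carbon.identity.authenticator.backend.oauth.*`.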
diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/AuthenticatorException.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/AuthenticatorException.java
new file mode 100755
index 0000000000..05bc3d69f7
--- /dev/null
+++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/AuthenticatorException.java
@@ -0,0 +1,41 @@
+/*
+* Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+*
+* WSO2 Inc. licenses this file to you under the Apache License,
+* Version 2.0 (the "License"); you may not use this file except
+* in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+package org.wso2.carbon.identity.authenticator.backend.oauth;
+
+/**
+ *Custom exception for backend OAuth authentication
+ */
+@SuppressWarnings("unused")
+public class AuthenticatorException extends Exception {
+
+ private static final long serialVersionUID = 1L;
+
+ public AuthenticatorException(String message) {
+ super(message);
+ }
+
+ public AuthenticatorException(Throwable e) {
+ super(e);
+ }
+
+ public AuthenticatorException(String message, Throwable e) {
+ super(message, e);
+ }
+
+
+}
diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/OauthAuthenticator.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/OauthAuthenticator.java
new file mode 100755
index 0000000000..43877ba832
--- /dev/null
+++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/OauthAuthenticator.java
@@ -0,0 +1,170 @@
+/*
+ * Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.wso2.carbon.identity.authenticator.backend.oauth;
+
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.transport.http.HTTPConstants;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.base.MultitenantConstants;
+import org.wso2.carbon.core.security.AuthenticatorsConfiguration;
+import org.wso2.carbon.core.services.authentication.CarbonServerAuthenticator;
+import org.wso2.carbon.utils.ServerConstants;
+import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuth2TokenValidator;
+import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuthValidationRespond;
+import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuthValidatorFactory;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+import java.rmi.RemoteException;
+
+/**
+ * This is a custom back end authenticator for enable OAuth token authentication for admin services
+ */
+public class OauthAuthenticator implements CarbonServerAuthenticator {
+
+ private static final Log log = LogFactory.getLog(OauthAuthenticator.class);
+ private static final int PRIORITY = 5;
+ private static final int ACCESS_TOKEN_INDEX = 1;
+
+ private static String hostUrl = "";
+ private static boolean isRemote = false;
+
+ static {
+ AuthenticatorsConfiguration authenticatorsConfiguration = AuthenticatorsConfiguration.getInstance();
+ AuthenticatorsConfiguration.AuthenticatorConfig authenticatorConfig = authenticatorsConfiguration.getAuthenticatorConfig(OauthAuthenticatorConstants.AUTHENTICATOR_NAME);
+
+ if (authenticatorConfig != null) {
+ isRemote = Boolean.parseBoolean(authenticatorConfig.getParameters().get("isRemote"));
+ hostUrl = authenticatorConfig.getParameters().get("hostURL");
+
+ }
+ }
+
+ /**
+ * Checks whether the authentication of the context can be handled using this authenticator.
+ *
+ * @param messageContext containing the request need to be authenticated.
+ * @return boolean indicating whether the request can be authenticated by this Authenticator.
+ */
+ public boolean isHandle(MessageContext messageContext) {
+ HttpServletRequest httpServletRequest = getHttpRequest(messageContext);
+ String headerValue = httpServletRequest.getHeader(HTTPConstants.HEADER_AUTHORIZATION);
+
+ if (headerValue != null && !headerValue.trim().isEmpty()) {
+ String[] headerPart = headerValue.trim().split(OauthAuthenticatorConstants.SPLITING_CHARACTOR);
+
+ if (OauthAuthenticatorConstants.AUTHORIZATION_HEADER_PREFIX_BEARER.equals(headerPart[0])) {
+ return true;
+ }
+ } else if (httpServletRequest.getParameter(OauthAuthenticatorConstants.BEARER_TOKEN_IDENTIFIER) != null) {
+ return true;
+ }
+ return false;
+ }
+
+ /**
+ * Authenticates the user using the provided OAuth token and returns the status as a boolean.
+ * Sets the tenant domain and tenant friendly username to the session as attributes.
+ *
+ * @param messageContext containing the request need to be authenticated.
+ * @return boolean indicating the authentication status.
+ */
+ public boolean isAuthenticated(MessageContext messageContext) {
+ HttpServletRequest httpServletRequest = getHttpRequest(messageContext);
+ String headerValue = httpServletRequest.getHeader(HTTPConstants.HEADER_AUTHORIZATION);
+ //split the header value to separate the identity type and the token.
+ String[] headerPart = headerValue.trim().split(OauthAuthenticatorConstants.SPLITING_CHARACTOR);
+ String accessToken = headerPart[ACCESS_TOKEN_INDEX];
+ OAuth2TokenValidator tokenValidator = OAuthValidatorFactory.getValidator(isRemote,hostUrl);
+
+ if (tokenValidator == null) {
+ log.error("OAuthValidationFactory failed to return a validator",
+ new AuthenticatorException("OAuthValidatorFactory Failed to determine the validator"));
+ return false;
+ }
+
+ OAuthValidationRespond respond = null;
+ try {
+ respond = tokenValidator.validateToken(accessToken);
+ } catch (RemoteException e) {
+ log.error("Failed to validate the OAuth token provided.", e);
+ }
+
+ if (respond != null && respond.isValid()) {
+ HttpSession session;
+
+ if ((session = httpServletRequest.getSession(false)) != null) {
+ session.setAttribute(MultitenantConstants.TENANT_DOMAIN, respond.getTenantDomain());
+ session.setAttribute(ServerConstants.USER_LOGGED_IN, respond.getUserName());
+
+ if (log.isDebugEnabled()) {
+ log.debug("Authentication successful for " + session.getAttribute(ServerConstants.USER_LOGGED_IN));
+ }
+ }
+ return true;
+ }
+
+ if (log.isDebugEnabled()) {
+ log.debug("Authentication failed.Illegal attempt from session " + httpServletRequest.getSession().getId());
+ }
+ return false;
+ }
+
+ /**
+ * this method is currently not implemented.
+ *
+ * @param messageContext containing the request need to be authenticated.
+ * @return boolean
+ */
+ public boolean authenticateWithRememberMe(MessageContext messageContext) {
+ throw new UnsupportedOperationException();
+ }
+
+ /**
+ * @return string Authenticator name.
+ */
+ public String getAuthenticatorName() {
+ return OauthAuthenticatorConstants.AUTHENTICATOR_NAME;
+ }
+
+ /**
+ * @return int priority of the authenticator.
+ */
+ public int getPriority() {
+ return PRIORITY;
+ }
+
+ /**
+ * @return boolean true for enable or otherwise for disable status.
+ */
+ public boolean isDisabled() {
+ return false;
+ }
+
+ /**
+ * Retrieve HTTP Servlet Request form thr Message Context.
+ *
+ * @param messageContext Containing the Servlet Request for backend authentication.
+ * @return HTTPServletRequest.
+ */
+ private HttpServletRequest getHttpRequest(MessageContext messageContext) {
+ return (HttpServletRequest) messageContext.getProperty(HTTPConstants.MC_HTTP_SERVLETREQUEST);
+ }
+
+}
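Review bot: `isAuthenticated` dereferences the Authorization header unchecked. `headerValue.trim()` throws a NullPointerException when the header is absent, which `isHandle` permits by returning true for a request carrying only the `token` parameter, and `headerPart[ACCESS_TOKEN_INDEX]` throws ArrayIndexOutOfBoundsException for a header of just `Bearer`. Both are reachable before any credential has been checked, so the method should return false for a missing or malformed header, as sketched below. The `token` parameter branch in `isHandle` should then either be dropped or be read here as well, so the two methods agree. Separately, the failure debug log calls `getSession()`, which creates a session for a request that has just failed authentication; `getSession(false)` with a null check avoids that.

```java
public boolean isAuthenticated(MessageContext messageContext) {
    HttpServletRequest httpServletRequest = getHttpRequest(messageContext);
    String headerValue = httpServletRequest.getHeader(HTTPConstants.HEADER_AUTHORIZATION);
    if (headerValue == null) {
        return false;
    }
    String[] headerPart = headerValue.trim().split(OauthAuthenticatorConstants.SPLITING_CHARACTOR);
    if (headerPart.length <= ACCESS_TOKEN_INDEX
            || !OauthAuthenticatorConstants.AUTHORIZATION_HEADER_PREFIX_BEARER.equals(headerPart[0])
            || headerPart[ACCESS_TOKEN_INDEX].isEmpty()) {
        return false;
    }
    String accessToken = headerPart[ACCESS_TOKEN_INDEX];
    // … unchanged: validator lookup, validateToken call, session attributes, failure logging …
```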
diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/OauthAuthenticatorConstants.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/OauthAuthenticatorConstants.java
new file mode 100755
index 0000000000..badaf8dbed
--- /dev/null
+++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/OauthAuthenticatorConstants.java
@@ -0,0 +1,28 @@
+/*
+* Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+*
+* WSO2 Inc. licenses this file to you under the Apache License,
+* Version 2.0 (the "License"); you may not use this file except
+* in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+package org.wso2.carbon.identity.authenticator.backend.oauth;
+
+public class OauthAuthenticatorConstants {
+ public static final String AUTHORIZATION_HEADER_PREFIX_BEARER = "Bearer";
+ public static final String BEARER_TOKEN_TYPE = "bearer";
+ public static final String BEARER_TOKEN_IDENTIFIER = "token";
+ public static final String AUTHENTICATOR_NAME = "BackEndOAuthAuthenticator";
+ public static final String SPLITING_CHARACTOR = " ";
+ public static String OAUTH_ENDPOINT_POSTFIX =
+ "/services/OAuth2TokenValidationService.OAuth2TokenValidationServiceHttpsSoap12Endpoint/";
+}
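Review bot: `OAUTH_ENDPOINT_POSTFIX` is declared `public static` without `final`, unlike the five constants above it, so any class can reassign the path that `OAuthValidatorFactory` appends to the validation host URL. Declare it as `public static final String OAUTH_ENDPOINT_POSTFIX =`. A private constructor would also keep this constants holder from being instantiated.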
diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/internal/OauthAuthenticatorServiceComponent.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/internal/OauthAuthenticatorServiceComponent.java
new file mode 100755
index 0000000000..59577ac633
--- /dev/null
+++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/internal/OauthAuthenticatorServiceComponent.java
@@ -0,0 +1,56 @@
+/*
+* Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+*
+* WSO2 Inc. licenses this file to you under the Apache License,
+* Version 2.0 (the "License"); you may not use this file except
+* in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+
+package org.wso2.carbon.identity.authenticator.backend.oauth.internal;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.osgi.service.component.ComponentContext;
+import org.wso2.carbon.core.services.authentication.CarbonServerAuthenticator;
+import org.wso2.carbon.identity.authenticator.backend.oauth.OauthAuthenticator;
+
+
+/**
+ * @scr.component component.name="org.wso2.carbon.identity.authenticator.backend.oauth.OauthAuthenticator" immediate="true"
+ */
+@SuppressWarnings("unused")
+public class OauthAuthenticatorServiceComponent {
+
+ private static final Log log = LogFactory.getLog(OauthAuthenticatorServiceComponent
+ .class);
+
+ protected void activate(ComponentContext ctxt) {
+ try {
+ OauthAuthenticator oauthAuthenticator = new OauthAuthenticator();
+ ctxt.getBundleContext().registerService(CarbonServerAuthenticator.class.getName(),
+ oauthAuthenticator, null);
+ if (log.isDebugEnabled()) {
+ log.debug("OAuth Authenticator bundle is activated");
+ }
+ } catch (Throwable e) {
+ log.fatal(" Error while activating OAuth authenticator ", e);
+ }
+ }
+
+ protected void deactivate(ComponentContext ctxt) {
+ if (log.isDebugEnabled()) {
+ log.debug("OAuth Authenticator bundle is deactivated");
+ }
+ }
+
+}
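Review bot: `activate` catches `Throwable` and only logs it, so an `Error` raised during registration is swallowed and the component still counts as activated although no `CarbonServerAuthenticator` was registered. Narrowing the handler to `} catch (Exception e) {` would at least let errors propagate. The `ServiceRegistration` returned by `registerService` is also discarded, so `deactivate` cannot unregister the authenticator; keeping it in a field and calling `unregister()` there would tie the service to the component's lifecycle.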
diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuth2TokenValidator.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuth2TokenValidator.java
new file mode 100755
index 0000000000..7382fe1370
--- /dev/null
+++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuth2TokenValidator.java
@@ -0,0 +1,34 @@
+/*
+* Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+*
+* WSO2 Inc. licenses this file to you under the Apache License,
+* Version 2.0 (the "License"); you may not use this file except
+* in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+package org.wso2.carbon.identity.authenticator.backend.oauth.validator;
+
+import java.rmi.RemoteException;
+
+/**
+ * Interface for the OAuth@TokenValidators
+ */
+public interface OAuth2TokenValidator {
+ /**
+ * This method gets a string accessToken and validates it and generate the OAuth2ClientApplicationDTO
+ * containing the validity and user details if valid.
+ *
+ * @param accessToken which need to be validated.
+ * @return OAuthValidationRespond with the validated results.
+ */
+ OAuthValidationRespond validateToken(String accessToken) throws RemoteException;
+}
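Review bot: The Javadoc on `validateToken` does not match the signature: it says the method generates an `OAuth2ClientApplicationDTO`, while the declared return type is `OAuthValidationRespond`, and the `RemoteException` in the throws clause is undocumented. I would reword the summary to `Validates the given access token and reports its validity together with the authorized user's name and tenant domain.` and add `@throws RemoteException if the call to a remote validation service fails`, which is what `ExternalOAuthValidator` in this commit suggests. The interface comment `OAuth@TokenValidators` looks like a typo for `OAuth2TokenValidator`.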
diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuthValidationRespond.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuthValidationRespond.java
new file mode 100755
index 0000000000..1e45aa5923
--- /dev/null
+++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuthValidationRespond.java
@@ -0,0 +1,57 @@
+/*
+* Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+*
+* WSO2 Inc. licenses this file to you under the Apache License,
+* Version 2.0 (the "License"); you may not use this file except
+* in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+package org.wso2.carbon.identity.authenticator.backend.oauth.validator;
+
+/**
+ * This class hold the validation information which can be retrieve by both remote and in house IDPs
+ */
+public class OAuthValidationRespond {
+ private String userName;
+ private String tenantDomain;
+ private boolean isValid;
+
+ public OAuthValidationRespond(String userName, String tenantDomain, boolean isValid) {
+ this.userName = userName;
+ this.tenantDomain = tenantDomain;
+ this.isValid = isValid;
+ }
+
+ public String getUserName() {
+ return userName;
+ }
+
+ public void setUserName(String userName) {
+ this.userName = userName;
+ }
+
+ public String getTenantDomain() {
+ return tenantDomain;
+ }
+
+ public void setTenantDomain(String tenantDomain) {
+ this.tenantDomain = tenantDomain;
+ }
+
+ public boolean isValid() {
+ return isValid;
+ }
+
+ public void setIsValid(boolean isValid) {
+ this.isValid = isValid;
+ }
+}
\ No newline at end of file
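Review bot: `OAuthValidationRespond` carries the outcome of token validation but exposes `setUserName`, `setTenantDomain` and `setIsValid`, so any holder of the object can change the authenticated identity or flip the validity after the validator has decided. Nothing in this commit calls the setters; both validators populate the object through the constructor. Making the three fields `private final` and removing the setters would keep the result immutable. The class comment could also state that `userName` and `tenantDomain` are null when `isValid` is false, since both validators construct it that way.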
diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuthValidatorFactory.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuthValidatorFactory.java
new file mode 100755
index 0000000000..e3dab669c6
--- /dev/null
+++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/OAuthValidatorFactory.java
@@ -0,0 +1,52 @@
+/*
+* Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+*
+* WSO2 Inc. licenses this file to you under the Apache License,
+* Version 2.0 (the "License"); you may not use this file except
+* in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+package org.wso2.carbon.identity.authenticator.backend.oauth.validator;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.identity.authenticator.backend.oauth.AuthenticatorException;
+import org.wso2.carbon.identity.authenticator.backend.oauth.OauthAuthenticatorConstants;
+import org.wso2.carbon.identity.authenticator.backend.oauth.validator.impl.ExternalOAuthValidator;
+import org.wso2.carbon.identity.authenticator.backend.oauth.validator.impl.LocalOAuthValidator;
+
+/**
+ * the class validate the configurations and provide the most suitable implementation according to the configuration.
+ * Factory class for OAuthValidator.
+ */
+public class OAuthValidatorFactory {
+ private static Log log = LogFactory.getLog(OAuthValidatorFactory.class);
+
+ /**
+ * the method check the configuration and provide the appropriate implementation for OAuth2TokenValidator
+ *
+ * @return OAuth2TokenValidator
+ */
+ public static OAuth2TokenValidator getValidator(boolean isRemote ,String hostURL) {
+ if(isRemote){
+ if(!(hostURL == null || hostURL.trim().isEmpty())){
+ hostURL = hostURL + OauthAuthenticatorConstants.OAUTH_ENDPOINT_POSTFIX;
+ return new ExternalOAuthValidator(hostURL);
+ }else {
+ log.error("IDP Configuration error",
+ new AuthenticatorException("Remote server name and ip both can't be empty"));
+ return null;
+ }
+ }
+ return new LocalOAuthValidator();
+ }
+}
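Review bot: `getValidator` accepts any non-blank `hostURL` and appends the endpoint path without checking the scheme, and `ExternalOAuthValidator` then sends the caller's bearer token to that address in an Authorization header. With an `http://` value in the authenticator configuration the token would presumably travel in cleartext. A guard before the concatenation, such as `if (!hostURL.trim().regionMatches(true, 0, "https://", 0, 8)) { log.error("hostURL must use https"); return null; }`, fails closed, because `isAuthenticated` already treats a null validator as a failure. The value is also trimmed only for the emptiness test, so surrounding whitespace ends up in the endpoint URL. The error text `Remote server name and ip both can't be empty` does not match the single `hostURL` parameter.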
diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/ExternalOAuthValidator.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/ExternalOAuthValidator.java
new file mode 100755
index 0000000000..4a337e9a9c
--- /dev/null
+++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/ExternalOAuthValidator.java
@@ -0,0 +1,98 @@
+/*
+* Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+*
+* WSO2 Inc. licenses this file to you under the Apache License,
+* Version 2.0 (the "License"); you may not use this file except
+* in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+package org.wso2.carbon.identity.authenticator.backend.oauth.validator.impl;
+
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.transport.http.HTTPConstants;
+import org.apache.commons.httpclient.Header;
+import org.wso2.carbon.identity.oauth2.stub.OAuth2TokenValidationServiceStub;
+import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2ClientApplicationDTO;
+import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationRequestDTO;
+import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationRequestDTO_OAuth2AccessToken;
+import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationRequestDTO_TokenValidationContextParam;
+import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
+import org.wso2.carbon.identity.authenticator.backend.oauth.OauthAuthenticatorConstants;
+import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuth2TokenValidator;
+import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuthValidationRespond;
+
+import java.rmi.RemoteException;
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * Handles the Authentication form external IDP servers.
+ * Currently only supports WSO2 IS.
+ * External IDP support is planned for future.
+ */
+public class ExternalOAuthValidator implements OAuth2TokenValidator{
+ protected String hostURL ;
+
+ public ExternalOAuthValidator(String hostURL) {
+ this.hostURL = hostURL;
+ }
+ /**
+ * This method gets a string accessToken and validates it and generate the OAuth2ClientApplicationDTO
+ * containing the validity and user details if valid.
+ *
+ * @param token which need to be validated.
+ * @return OAuthValidationRespond with the validated results.
+ */
+ public OAuthValidationRespond validateToken(String token) throws RemoteException {
+
+ // create an OAuth token validating request DTO
+ OAuth2TokenValidationRequestDTO validationRequest = new OAuth2TokenValidationRequestDTO();
+
+ // create access token object to validate and populate it
+ OAuth2TokenValidationRequestDTO_OAuth2AccessToken accessToken =
+ new OAuth2TokenValidationRequestDTO_OAuth2AccessToken();
+ accessToken.setTokenType(OauthAuthenticatorConstants.BEARER_TOKEN_TYPE);
+ accessToken.setIdentifier(token);
+ OAuth2TokenValidationRequestDTO_TokenValidationContextParam tokenValidationContextParam[] =
+ new OAuth2TokenValidationRequestDTO_TokenValidationContextParam[1];
+ validationRequest.setContext(tokenValidationContextParam);
+
+ //set the token to the validation request
+ validationRequest.setAccessToken(accessToken);
+ OAuth2TokenValidationServiceStub validationService =
+ new OAuth2TokenValidationServiceStub(hostURL);
+ ServiceClient client = validationService._getServiceClient();
+ Options options = client.getOptions();
+ List list = new ArrayList<>();
+ Header header = new Header();
+ header.setName(HTTPConstants.HEADER_AUTHORIZATION);
+ header.setValue(OauthAuthenticatorConstants.AUTHORIZATION_HEADER_PREFIX_BEARER+ " " + token);
+ list.add(header);
+ options.setProperty(org.apache.axis2.transport.http.HTTPConstants.HTTP_HEADERS, list);
+ client.setOptions(options);
+ OAuth2ClientApplicationDTO respond =
+ validationService.findOAuthConsumerIfTokenIsValid(validationRequest);
+ boolean isValid = respond.getAccessTokenValidationResponse().getValid();
+ String userName = null;
+ String tenantDomain = null;
+
+ if(isValid){
+ userName = MultitenantUtils.getTenantAwareUsername(
+ respond.getAccessTokenValidationResponse().getAuthorizedUser());
+ tenantDomain =
+ MultitenantUtils.getTenantDomain(respond.getAccessTokenValidationResponse().getAuthorizedUser());
+ }
+
+ return new OAuthValidationRespond(userName,tenantDomain,isValid);
+ }
+}
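Review bot: `validateToken` calls `respond.getAccessTokenValidationResponse().getValid()` without checking `respond` or the nested response for null, while `OauthAuthenticator.isAuthenticated` catches only `RemoteException`. Whether the stub can return null is not visible here, but an unexpected reply would surface as a NullPointerException out of the authentication path. A guard such as `if (respond == null || respond.getAccessTokenValidationResponse() == null) { return new OAuthValidationRespond(null, null, false); }` makes that case an explicit rejection; the same unchecked dereference is in `LocalOAuthValidator.validateToken`. A new `OAuth2TokenValidationServiceStub` is also created on every call with no cleanup visible in this hunk, so calling `client.cleanupTransport()` in a `finally` block is worth considering. `List list = new ArrayList<>()` is a raw type and can be `List<Header>`.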
diff --git a/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/LocalOAuthValidator.java b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/LocalOAuthValidator.java
new file mode 100755
index 0000000000..d81e7f3531
--- /dev/null
+++ b/components/identity-extensions/backend-oauth-authenticator/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/validator/impl/LocalOAuthValidator.java
@@ -0,0 +1,69 @@
+
+/*
+* Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+*
+* WSO2 Inc. licenses this file to you under the Apache License,
+* Version 2.0 (the "License"); you may not use this file except
+* in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+package org.wso2.carbon.identity.authenticator.backend.oauth.validator.impl;
+
+import org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService;
+import org.wso2.carbon.identity.oauth2.dto.OAuth2ClientApplicationDTO;
+import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationRequestDTO;
+import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
+import org.wso2.carbon.identity.authenticator.backend.oauth.OauthAuthenticatorConstants;
+import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuth2TokenValidator;
+import org.wso2.carbon.identity.authenticator.backend.oauth.validator.OAuthValidationRespond;
+
+/**
+ * Handles the authentication using the inbuilt IS features.
+ */
+public class LocalOAuthValidator implements OAuth2TokenValidator {
+ /**
+ * This method gets a string accessToken and validates it and generate the OAuth2ClientApplicationDTO
+ * containing the validity and user details if valid.
+ *
+ * @param token which need to be validated.
+ * @return OAuthValidationRespond with the validated results.
+ */
+ public OAuthValidationRespond validateToken(String token) {
+ // create an OAuth token validating request DTO
+ OAuth2TokenValidationRequestDTO validationRequest = new OAuth2TokenValidationRequestDTO();
+ // create access token object to validate and populate it
+ OAuth2TokenValidationRequestDTO.OAuth2AccessToken accessToken =
+ validationRequest.new OAuth2AccessToken();
+ accessToken.setTokenType(OauthAuthenticatorConstants.BEARER_TOKEN_TYPE);
+ accessToken.setIdentifier(token);
+ //the workaround till the version is upgraded in both is and EMM to be the same.
+ OAuth2TokenValidationRequestDTO.TokenValidationContextParam tokenValidationContextParam[] =
+ new OAuth2TokenValidationRequestDTO.TokenValidationContextParam[1];
+ //==
+ validationRequest.setContext(tokenValidationContextParam);
+ //set the token to the validation request
+ validationRequest.setAccessToken(accessToken);
+ OAuth2TokenValidationService validationService = new OAuth2TokenValidationService();
+ OAuth2ClientApplicationDTO respond = validationService.
+ findOAuthConsumerIfTokenIsValid(validationRequest);
+ boolean isValid = respond.getAccessTokenValidationResponse().isValid();
+ String userName = null;
+ String tenantDomain = null;
+ if(isValid){
+ userName = MultitenantUtils.getTenantAwareUsername(
+ respond.getAccessTokenValidationResponse().getAuthorizedUser());
+ tenantDomain =
+ MultitenantUtils.getTenantDomain(respond.getAccessTokenValidationResponse().getAuthorizedUser());
+ }
+ return new OAuthValidationRespond(userName,tenantDomain,isValid);
+ }
+}
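Review bot: The comment `//the workaround till the version is upgraded in both is and EMM to be the same.` does not say what is being worked around, and the stray `//==` after it adds nothing. As written, a one-element `TokenValidationContextParam` array whose only slot is still null is passed to `setContext`. If the intent is to avoid a null context array inside the validation service, the comment should say so, e.g. `// setContext() needs a non-null array with the IS version bundled here; remove once IS and EMM use the same version.` That reason is inferred and should be confirmed by the author. `ExternalOAuthValidator.validateToken` builds the same array with no comment at all.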
diff --git a/components/identity-extensions/pom.xml b/components/identity-extensions/pom.xml
index 78a24d9adb..8dbb24619d 100644
--- a/components/identity-extensions/pom.xml
+++ b/components/identity-extensions/pom.xml
@@ -37,6 +37,7 @@
org.wso2.carbon.device.mgt.oauth.extensions
dynamic-client-registration
+ backend-oauth-authenticator
diff --git a/pom.xml b/pom.xml
index 26df26d760..fbfa9406f0 100644
--- a/pom.xml
+++ b/pom.xml
@@ -941,6 +941,22 @@
org.wso2.carbon.identity.oauth.stub
${carbon.identity.version}
+
+ org.wso2.carbon.identity
+ org.wso2.carbon.identity.application.authentication.framework
+ ${carbon.identity.version}
+
+
+
+ org.wso2.carbon.identity
+ org.wso2.carbon.identity.oauth
+ ${carbon.identity.version}
+
+
+ org.wso2.carbon.identity
+ org.wso2.carbon.identity.application.common
+ ${carbon.identity.version}
+
@@ -1126,11 +1142,6 @@
-
- org.wso2.carbon.identity
- org.wso2.carbon.identity.oauth
- ${carbon.identity.version}
-
org.wso2.carbon.identity
org.wso2.carbon.identity.sso.saml