  • Revoked/expired access token in oauth1


    I have made an integration with Google Mail IMAP, and everything works like a charm until I revoke the access token from Google. I can't seem to find a way to make the application work again after that (except for clearing the token database and restarting the application).

    As I am using IMAP, I have a javax.mail.AuthenticationFailedException propagating up the filter.

    Does anyone have any idea if there exists a means to clear an access token from the OAuth context?

    I have tried removing it from the database in my implementation of OAuthConsumerTokenServices combined with clearing it from the HttpSessionOAuthRememberMeServices in an unprotected request, but I can't get it to work.


  • #2
    Ok, I found a solution.

    For those that run into the same issue, I implemented my own failure handler which I injected using <oauth:consumer failure-handler-ref="oAuthFailureHandler" ... />.

    When I received the AuthenticationFailedException from IMAP, I wrapped it in an OAuthRequestFailedException.

    In the failure handler I did the following:

    public class OAuthFailureHandler implements AccessDeniedHandler {
        private static final Logger LOGGER = LoggerFactory.getLogger(OAuthFailureHandler.class);
        private OAuthConsumerTokenServices tokenServices;

        public void handle(final HttpServletRequest request, final HttpServletResponse response,
                final AccessDeniedException e) throws IOException, ServletException {
            final OAuthSecurityContext context = OAuthSecurityContextHolder.getContext();
            final Map<String, OAuthConsumerToken> accessTokens = context.getAccessTokens();
            // The IMAP authentication failure arrives as the cause of the wrapping exception.
            if (e.getCause() instanceof javax.mail.AuthenticationFailedException) {
                // The log level is not visible in the post; info is assumed here.
                LOGGER.info("Removing access tokens for google mail");
                // The rest of the handler (the token removal itself) is cut off in the post.
            }
        }
    }

    It works, but if anyone has a better idea, please post it here.
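
An added example, not code from this thread or from Spring Security OAuth: a stand-alone Java model of the eviction pattern discussed above, which drops a revoked token from every place it is cached (database, session, security context) only when the failure is an authentication failure. The resource id, the map-based caches and the nested exception class are assumptions standing in for the real token services and for javax.mail.AuthenticationFailedException.

```java
import java.io.IOException;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

public class RevokedTokenEviction {

    // Hypothetical resource id; use the id your consumer configuration gives Google Mail.
    static final String RESOURCE_ID = "googleMail";

    // Stand-in for javax.mail.AuthenticationFailedException so the example has no dependencies.
    static class AuthenticationFailedException extends Exception { }

    // Walks the cause chain (bounded, in case of a cyclic chain) because the
    // IMAP failure reaches the handler wrapped in other exceptions.
    static boolean isMailAuthFailure(Throwable t) {
        for (int depth = 0; t != null && depth < 16; t = t.getCause(), depth++) {
            if (t instanceof AuthenticationFailedException) {
                return true;
            }
        }
        return false;
    }

    // Removes the token from every cache; true means the caller should restart authorization.
    static boolean evictIfRevoked(Throwable failure, List<Map<String, String>> caches) {
        if (!isMailAuthFailure(failure)) {
            return false; // a timeout or I/O error must not discard a valid token
        }
        for (Map<String, String> cache : caches) {
            cache.remove(RESOURCE_ID); // tokens for other resources stay in place
        }
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample data: the same token held in three places.
        Map<String, String> database = new HashMap<>(Map.of(RESOURCE_ID, "tok-1", "other", "tok-2"));
        Map<String, String> session = new HashMap<>(Map.of(RESOURCE_ID, "tok-1"));
        Map<String, String> context = new HashMap<>(Map.of(RESOURCE_ID, "tok-1"));
        List<Map<String, String>> caches = List.of(database, session, context);

        Throwable timeout = new RuntimeException(new IOException("timeout"));
        Throwable revoked = new RuntimeException(new AuthenticationFailedException());
        System.out.println(evictIfRevoked(timeout, caches) + " " + database.containsKey(RESOURCE_ID));
        System.out.println(evictIfRevoked(revoked, caches) + " " + database + session + context);
    }
}
```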