String redirectUri,
List<String> requestedScope,
List<String> approvedScope,
UserSubject userSubject,
ServerAccessToken preAuthorizedToken) {
ServerAccessToken token = null;
if (preAuthorizedToken == null) {
AccessTokenRegistration reg = new AccessTokenRegistration();
reg.setClient(client);
reg.setGrantType(OAuthConstants.IMPLICIT_GRANT);
reg.setSubject(userSubject);
reg.setRequestedScope(requestedScope);
reg.setApprovedScope(approvedScope);
token = getDataProvider().createAccessToken(reg);
} else {
token = preAuthorizedToken;
}
// return the access token by appending it as a fragment parameter to the redirect URI
String state = params.getFirst(OAuthConstants.STATE);
StringBuilder sb = getUriWithFragment(state, redirectUri);
if (state != null) {
sb.append("&");
}
sb.append(OAuthConstants.ACCESS_TOKEN).append("=").append(token.getTokenKey());
sb.append("&")
.append(OAuthConstants.ACCESS_TOKEN_TYPE).append("=").append(token.getTokenType());
if (reportClientId) {
sb.append("&")
.append(OAuthConstants.CLIENT_ID).append("=").append(client.getClientId());
}
if (isWriteOptionalParameters()) {
sb.append("&").append(OAuthConstants.ACCESS_TOKEN_EXPIRES_IN)
.append("=").append(token.getExpiresIn());
// Reporting scope is required if the approved scope is different, and
// optional otherwise; let's always report it for now if it is non-empty
List<OAuthPermission> perms = token.getScopes();
if (!perms.isEmpty()) {
String scope = OAuthUtils.convertPermissionsToScope(perms);
sb.append("&").append(OAuthConstants.SCOPE).append("=")
.append(HttpUtils.queryEncode(scope));
}