github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

ensure the redirect URI isn't replaced by the AS in a dynamic client registration

dynreg-client-check
Justin Richer 5 years ago
parent
621e86e62d
commit
15ae992915
1 changed files with 11 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 11
      openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/DynamicRegistrationClientConfigurationService.java

11
openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/DynamicRegistrationClientConfigurationService.java
Unescape View File

@ -207,6 +207,17 @@ public class DynamicRegistrationClientConfigurationService implements ClientConf
RegisteredClient client = ClientDetailsEntityJsonProcessor.parseRegistered(registered);
// make sure the redirect URI wasn't replaced by the AS
if (client.getRedirectUris() != null) {
if (!client.getRedirectUris().equals(template.getRedirectUris())) {
throw new InvalidClientException("Redirect URI did not match requested value");
}
} else {
if (template.getRedirectUris() != null) {
throw new InvalidClientException("Redirect URI did not match requested value");
}
}
// save this client for later
registeredClientService.save(serverConfig.getIssuer(), client);

Write Preview
Loading…
Cancel
Save