github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

ensure the redirect URI isn't replaced by the AS in a dynamic client registration

dynreg-client-check
Justin Richer 2019-12-06 16:57:12 -05:00
parent 621e86e62d
commit 15ae992915
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/DynamicRegistrationClientConfigurationService.java
View File

@ -207,6 +207,17 @@ public class DynamicRegistrationClientConfigurationService implements ClientConf
RegisteredClient client = ClientDetailsEntityJsonProcessor.parseRegistered(registered); RegisteredClient client = ClientDetailsEntityJsonProcessor.parseRegistered(registered);
// make sure the redirect URI wasn't replaced by the AS
if (client.getRedirectUris() != null) {
if (!client.getRedirectUris().equals(template.getRedirectUris())) {
throw new InvalidClientException("Redirect URI did not match requested value");
}
} else {
if (template.getRedirectUris() != null) {
throw new InvalidClientException("Redirect URI did not match requested value");
}
}
// save this client for later // save this client for later
registeredClientService.save(serverConfig.getIssuer(), client); registeredClientService.save(serverConfig.getIssuer(), client);