relaxed scope constraints on protected resources registered through self-service page

pull/743/head
Justin Richer 2014-11-22 22:49:51 -05:00
parent 55fb6667a0
commit 1a2ca25359
1 changed files with 5 additions and 8 deletions


@ -202,21 +202,18 @@ public class ProtectedResourceRegistrationEndpoint {
} }
private ClientDetailsEntity validateScopes(ClientDetailsEntity newClient) throws ValidationException { private ClientDetailsEntity validateScopes(ClientDetailsEntity newClient) throws ValidationException {
// set of scopes that are OK for clients to dynamically register for
Set<SystemScope> dynScopes = scopeService.getDynReg(); // note that protected resources can register for any scopes, even ones not used by the sysadmin
// scopes that the client is asking for // scopes that the client is asking for
Set<SystemScope> requestedScopes = scopeService.fromStrings(newClient.getScope()); Set<SystemScope> requestedScopes = scopeService.fromStrings(newClient.getScope());
// the scopes that the client can have must be a subset of the dynamically allowed scopes
Set<SystemScope> allowedScopes = Sets.intersection(dynScopes, requestedScopes);
// if the client didn't ask for any, give them the defaults // if the client didn't ask for any, give them the defaults
if (allowedScopes == null || allowedScopes.isEmpty()) { if (requestedScopes == null || requestedScopes.isEmpty()) {
allowedScopes = scopeService.getDefaults(); requestedScopes = scopeService.getDefaults();
} }
newClient.setScope(scopeService.toStrings(allowedScopes)); newClient.setScope(scopeService.toStrings(requestedScopes));
return newClient; return newClient;
} }
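Review bot: In the new `validateScopes`, the set returned by `scopeService.fromStrings(newClient.getScope())` is written back through `newClient.setScope(...)` with no filtering at all, so the method no longer rejects or trims anything even though it keeps its name and its `throws ValidationException` clause. Since this is the self-service registration path, anyone who can reach it can now attach scopes the administrator left out of `getDynReg()`. Whether that widens what the registered resource can do elsewhere (for example, which tokens it may look up) is not visible in this hunk and should be confirmed before merging. If the relaxation is intended, spell out the trust assumption in the comment, e.g. `// protected resources only declare which scopes they accept; registering a scope here must not by itself grant the resource any access`. Consider also logging requested scopes that fall outside `getDynReg()` so an administrator can audit them.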