DWN-27040: Bit of refactoring, Protected Resources now protected

openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ClientDetailsEntityService.java

@@ -150,12 +150,16 @@ public class DefaultOAuth2ClientDetailsEntityService implements ClientDetailsEnt
 
 		ensureNoReservedScopes(client);
 
+		String plaintextSecret = client.getClientSecret();
+
 		if(!Strings.isNullOrEmpty(client.getClientSecret())) {
 		    client.setClientSecret(this.passwordEncoder.encode(client.getClientSecret()));
         }
 
 		ClientDetailsEntity c = clientRepository.saveClient(client);
 
+		c.setClientSecret(plaintextSecret);
+
 		statsService.resetCache();
 
 		return c;

openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java

@@ -281,8 +281,6 @@ public class ClientAPI {
 			client = clientService.generateClientId(client);
 		}
 
-		String plaintextSecret = client.getClientSecret();
-
 		if (client.getTokenEndpointAuthMethod() == null ||
 				client.getTokenEndpointAuthMethod().equals(AuthMethod.NONE)) {
 			// we shouldn't have a secret for this client
@@ -297,7 +295,6 @@ public class ClientAPI {
 			if (json.has("generateClientSecret") && json.get("generateClientSecret").getAsBoolean()
 					|| Strings.isNullOrEmpty(client.getClientSecret())) {
 				client = clientService.generateClientSecret(client);
-				plaintextSecret = client.getClientSecret();
 			}
 
 		} else if (client.getTokenEndpointAuthMethod().equals(AuthMethod.PRIVATE_KEY)) {
@@ -328,8 +325,6 @@ public class ClientAPI {
 			ClientDetailsEntity newClient = clientService.saveNewClient(client);
 
 			//Set the client secret to the plaintext from the request
-			newClient.setClientSecret(plaintextSecret);
-
 			m.addAttribute(JsonEntityView.ENTITY, newClient);
 
 			if (AuthenticationUtilities.isAdmin(auth)) {

openid-connect-server/src/main/java/org/mitre/openid/connect/web/DynamicClientRegistrationEndpoint.java

@@ -167,8 +167,6 @@ public class DynamicClientRegistrationEndpoint {
 		if (newClient != null) {
 			// it parsed!
 
-			String plaintextSecret = newClient.getClientSecret();
-
 			//
 			// Now do some post-processing consistency checks on it
 			//
@@ -203,7 +201,6 @@ public class DynamicClientRegistrationEndpoint {
 
 				// we need to generate a secret
 				newClient = clientService.generateClientSecret(newClient);
-				plaintextSecret = newClient.getClientSecret();
 			}
 
 			// set some defaults for token timeouts
@@ -246,8 +243,6 @@ public class DynamicClientRegistrationEndpoint {
 
 				RegisteredClient registered = new RegisteredClient(savedClient, token.getValue(), config.getIssuer() + "register/" + UriUtils.encodePathSegment(savedClient.getClientId(), "UTF-8"));
 
-				registered.setClientSecret(plaintextSecret);
-
 				m.addAttribute("client", registered);
 				m.addAttribute(HttpCodeView.CODE, HttpStatus.CREATED); // http 201