added scope and grant_type, switched to timeunit
parent
e2bc15c2b2
commit
33ceedb283
|
@ -69,8 +69,8 @@ public class ClientDetailsEntity implements ClientDetails {
|
|||
private Integer idTokenValiditySeconds; //timeout for id tokens
|
||||
|
||||
/** Fields from ClientDetails interface **/
|
||||
private String clientId = "";
|
||||
private String clientSecret = "";
|
||||
private String clientId = null;
|
||||
private String clientSecret = null;
|
||||
private Set<String> scope = new HashSet<String>();
|
||||
private Set<String> authorizedGrantTypes = new HashSet<String>();
|
||||
private Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
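Review bot: The hunk leaves the two kinds of defaults in this field group undocumented: clientId and clientSecret now appear to start as null while scope, authorizedGrantTypes and authorities start as empty HashSets, and nothing says which callers may rely on that distinction. A one-line comment above the `/** Fields from ClientDetails interface **/` group such as `// clientId/clientSecret are null until assigned; the collection fields are never null, only possibly empty` would keep a later maintainer from reintroducing the empty-string sentinel. Whether any existing code compares clientSecret without a null check is not visible here and is worth confirming before merging.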
|
||||
|
|
|
@ -15,6 +15,7 @@ import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
|
|||
import org.springframework.stereotype.Component;
|
||||
import org.springframework.web.servlet.view.AbstractView;
|
||||
|
||||
import com.google.common.base.Joiner;
|
||||
import com.google.gson.Gson;
|
||||
import com.google.gson.GsonBuilder;
|
||||
import com.google.gson.JsonObject;
|
||||
|
@ -54,6 +55,12 @@ public class ClientRegistrationView extends AbstractView {
|
|||
if (fullClient) {
|
||||
// TODO: display the rest of the client fields, for now just this to mark changes
|
||||
obj.addProperty("client_name", client.getClientName());
|
||||
if (client.getScope() != null) {
|
||||
obj.addProperty("scope", Joiner.on(" ").join(client.getScope()));
|
||||
}
|
||||
if (client.getRegisteredRedirectUri() != null) {
|
||||
obj.addProperty("redirect_uri", Joiner.on(" ").join(client.getRegisteredRedirectUri()));
|
||||
}
|
||||
}
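Review bot: The response key `redirect_uri` does not match the request parameter name `redirect_uris` that the registration endpoint's @InitBinder binds, so a client that echoes the registration response back on update cannot round-trip the value; emitting `obj.addProperty("redirect_uris", Joiner.on(" ").join(client.getRegisteredRedirectUri()));` keeps the two sides consistent. The view also omits the newly accepted grant types, so a registrant has no way to see what it was actually provisioned with; a matching `obj.addProperty("grant_type", Joiner.on(" ").join(client.getAuthorizedGrantTypes()));` under the same null guard would close that gap. The enclosing method starts and ends outside the hunk.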
|
||||
|
||||
|
||||
|
|
|
@ -2,6 +2,7 @@ package org.mitre.openid.connect.web;
|
|||
|
||||
import java.beans.PropertyEditorSupport;
|
||||
import java.util.Set;
|
||||
import java.util.concurrent.TimeUnit;
|
||||
|
||||
import org.mitre.jwt.signer.JwsAlgorithm;
|
||||
import org.mitre.oauth2.exception.ClientNotFoundException;
|
||||
|
@ -160,7 +161,7 @@ public class ClientDynamicRegistrationEndpoint {
|
|||
* Bind a space-separated string to a Set<String>
|
||||
* @param binder
|
||||
*/
|
||||
@InitBinder({"contacts", "redirect_uris"})
|
||||
@InitBinder({"contacts", "redirect_uris", "scope", "grant_type"})
|
||||
public void stringSetInitbinder(WebDataBinder binder) {
|
||||
/*
|
||||
* Space-separated set of strings
|
||||
|
@ -194,6 +195,9 @@ public class ClientDynamicRegistrationEndpoint {
|
|||
@RequestParam(value = "token_endpoint_auth_type", required = false) AuthType tokenEndpointAuthType,
|
||||
@RequestParam(value = "policy_url", required = false) String policyUrl,
|
||||
|
||||
@RequestParam(value = "scope", required = false) Set<String> scope,
|
||||
@RequestParam(value = "grant_type", required = false) Set<String> grantType,
|
||||
|
||||
@RequestParam(value = "jwk_url", required = false) String jwkUrl,
|
||||
@RequestParam(value = "jwk_encryption_url", required = false) String jwkEncryptionUrl,
|
||||
@RequestParam(value = "x509_url", required = false) String x509Url,
|
||||
|
@ -252,13 +256,24 @@ public class ClientDynamicRegistrationEndpoint {
|
|||
client.setRequireAuthTime(requireAuthTime);
|
||||
client.setDefaultACR(defaultAcr);
|
||||
|
||||
if (scope != null) {
|
||||
// TODO: check against some kind of scope service for scope validity
|
||||
client.setScope(scope);
|
||||
} else {
|
||||
client.setScope(Sets.newHashSet("openid", "phone", "address", "profile", "email")); // provision all scopes
|
||||
}
|
||||
if (grantType != null) {
|
||||
// TODO: check against some kind of grant type service for validity
|
||||
client.setAuthorizedGrantTypes(grantType);
|
||||
} else {
|
||||
client.setAuthorizedGrantTypes(Sets.newHashSet("authorization_code", "refresh_token")); // allow authorization code and refresh token grant types
|
||||
}
|
||||
|
||||
// defaults for SECOAUTH functionality
|
||||
// TODO: extensions to request, or configuration?
|
||||
client.setScope(Sets.newHashSet("openid", "phone", "address", "profile", "email")); // provision all scopes
|
||||
client.setAccessTokenValiditySeconds(3600); // access tokens good for 1hr
|
||||
client.setIdTokenValiditySeconds(600); // id tokens good for 10min
|
||||
client.setAccessTokenValiditySeconds((int)TimeUnit.HOURS.toSeconds(1)); // access tokens good for 1hr
|
||||
client.setIdTokenValiditySeconds((int)TimeUnit.MINUTES.toSeconds(10)); // id tokens good for 10min
|
||||
client.setRefreshTokenValiditySeconds(null); // refresh tokens good until revoked
|
||||
client.setAuthorizedGrantTypes(Sets.newHashSet("authorization_code", "refresh_token")); // allow authoirzation code and refresh token grant types
|
||||
|
||||
client.setDynamicallyRegistered(true);
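Review bot: The requested `scope` and `grant_type` sets are stored on the client exactly as received, so an unauthenticated registrant can provision itself with any scope string and any grant type rather than the defaults the else branches hand out; the two TODO comments acknowledge that no validity check exists yet. Until a scope/grant-type service is available, the default sets should double as the allow-list: hoist the two `Sets.newHashSet(...)` literals into class-level constants (which also removes the duplicated literals between this path and the update path at `@ -400,6 +418,17`) and reject a request whose values are not all contained in them, using whatever error path the endpoint already uses for malformed input. The same gap exists in the update hunk, which lets an already-registered client widen its own grant types. The enclosing method starts and ends outside the hunk.
```java
// class-level, next to the other fields: allowed values until a scope/grant-type service exists
private static final Set<String> DEFAULT_SCOPES = Sets.newHashSet("openid", "phone", "address", "profile", "email");
private static final Set<String> DEFAULT_GRANT_TYPES = Sets.newHashSet("authorization_code", "refresh_token");

// … unchanged: setRequireAuthTime / setDefaultACR …

if (scope != null) {
    // TODO: replace with a scope service; for now only the provisioned defaults are acceptable
    if (!DEFAULT_SCOPES.containsAll(scope)) {
        throw new IllegalArgumentException("unsupported scope requested"); // use the endpoint's existing bad-request path if it has one
    }
    client.setScope(scope);
} else {
    client.setScope(Sets.newHashSet(DEFAULT_SCOPES)); // provision all scopes
}
if (grantType != null) {
    // TODO: replace with a grant-type service; for now only the default grant types are acceptable
    if (!DEFAULT_GRANT_TYPES.containsAll(grantType)) {
        throw new IllegalArgumentException("unsupported grant_type requested");
    }
    client.setAuthorizedGrantTypes(grantType);
} else {
    client.setAuthorizedGrantTypes(Sets.newHashSet(DEFAULT_GRANT_TYPES)); // authorization code and refresh token
}

// … unchanged: token validity defaults and setDynamicallyRegistered …
```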
|
||||
|
||||
|
@ -343,6 +358,9 @@ public class ClientDynamicRegistrationEndpoint {
|
|||
@RequestParam(value = "token_endpoint_auth_type", required = false) AuthType tokenEndpointAuthType,
|
||||
@RequestParam(value = "policy_url", required = false) String policyUrl,
|
||||
|
||||
@RequestParam(value = "scope", required = false) Set<String> scope,
|
||||
@RequestParam(value = "grant_type", required = false) Set<String> grantType,
|
||||
|
||||
@RequestParam(value = "jwk_url", required = false) String jwkUrl,
|
||||
@RequestParam(value = "jwk_encryption_url", required = false) String jwkEncryptionUrl,
|
||||
@RequestParam(value = "x509_url", required = false) String x509Url,
|
||||
|
@ -400,6 +418,17 @@ public class ClientDynamicRegistrationEndpoint {
|
|||
client.setRequireAuthTime(requireAuthTime);
|
||||
client.setDefaultACR(defaultAcr);
|
||||
|
||||
if (scope != null) {
|
||||
// TODO: check against some kind of scope service for scope validity
|
||||
client.setScope(scope);
|
||||
} else {
|
||||
}
|
||||
if (grantType != null) {
|
||||
// TODO: check against some kind of grant type service for validity
|
||||
client.setAuthorizedGrantTypes(grantType);
|
||||
} else {
|
||||
}
|
||||
|
||||
ClientDetailsEntity saved = clientService.updateClient(client, client);
|
||||
|
||||
model.put("fullClient", Boolean.TRUE);
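Review bot: Both new conditionals in this hunk carry an empty `} else { }` branch, which reads as if a default assignment was forgotten rather than as a deliberate "leave the stored value alone" on update. Dropping the else blocks and adding a short why-comment makes the intent explicit: `if (scope != null) { // absent on update means keep the existing scope` followed by `client.setScope(scope); }`, and the same for `grantType`. The enclosing method starts and ends outside the hunk.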
|
||||
|
|