From 33ceedb2834cb25435a49e74d720c5048e181a74 Mon Sep 17 00:00:00 2001 From: Justin Richer Date: Tue, 11 Dec 2012 12:11:09 -0500 Subject: [PATCH] added scope and grant_type, switched to timeunit --- .../oauth2/model/ClientDetailsEntity.java | 4 +- .../connect/view/ClientRegistrationView.java | 7 ++++ .../ClientDynamicRegistrationEndpoint.java | 39 ++++++++++++++++--- 3 files changed, 43 insertions(+), 7 deletions(-) diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java index 8cfd46647..c33719e76 100644 --- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java +++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java @@ -69,8 +69,8 @@ public class ClientDetailsEntity implements ClientDetails { private Integer idTokenValiditySeconds; //timeout for id tokens /** Fields from ClientDetails interface **/ - private String clientId = ""; - private String clientSecret = ""; + private String clientId = null; + private String clientSecret = null; private Set scope = new HashSet(); private Set authorizedGrantTypes = new HashSet(); private Set authorities = new HashSet(); diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/ClientRegistrationView.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/ClientRegistrationView.java index 469e9be52..cc3fb83fb 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/ClientRegistrationView.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/ClientRegistrationView.java 
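Review bot: The defaults for `clientId` and `clientSecret` change from `""` to `null` in the ClientDetailsEntity hunk, a behavioural change the commit subject does not mention: any caller that relied on a non-null value (`clientSecret.equals(...)`, `clientId.isEmpty()`, concatenation into headers or log lines) will now see a NullPointerException or a literal "null". Since the class implements ClientDetails, which (presumably Spring Security OAuth's interface) also exposes `isSecretRequired()`, check whether that implementation or any client-authentication path derives "no secret needed" from a null secret; a freshly constructed entity would then be handled as a public client until a secret is assigned. A field comment would make the intent explicit, e.g. `private String clientSecret = null; // null until assigned (e.g. by dynamic registration); callers must null-check before comparing`. The class body continues outside the hunk.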
@@ -15,6 +15,7 @@ import org.mitre.oauth2.model.OAuth2AccessTokenEntity; import org.springframework.stereotype.Component; import org.springframework.web.servlet.view.AbstractView; +import com.google.common.base.Joiner; import com.google.gson.Gson; import com.google.gson.GsonBuilder; import com.google.gson.JsonObject; @@ -54,6 +55,12 @@ public class ClientRegistrationView extends AbstractView { if (fullClient) { // TODO: display the rest of the client fields, for now just this to mark changes obj.addProperty("client_name", client.getClientName()); + if (client.getScope() != null) { + obj.addProperty("scope", Joiner.on(" ").join(client.getScope())); + } + if (client.getRegisteredRedirectUri() != null) { + obj.addProperty("redirect_uri", Joiner.on(" ").join(client.getRegisteredRedirectUri())); + } } diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientDynamicRegistrationEndpoint.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientDynamicRegistrationEndpoint.java index a6fa57a32..a901ec6a1 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientDynamicRegistrationEndpoint.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientDynamicRegistrationEndpoint.java @@ -2,6 +2,7 @@ package org.mitre.openid.connect.web; import java.beans.PropertyEditorSupport; import java.util.Set; +import java.util.concurrent.TimeUnit; import org.mitre.jwt.signer.JwsAlgorithm; import org.mitre.oauth2.exception.ClientNotFoundException; @@ -160,7 +161,7 @@ public class ClientDynamicRegistrationEndpoint { * Bind a space-separated string to a Set * @param binder */ - @InitBinder({"contacts", "redirect_uris"}) + @InitBinder({"contacts", "redirect_uris", "scope", "grant_type"}) public void stringSetInitbinder(WebDataBinder binder) { /* * Space-separated set of strings 
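Review bot: In the ClientRegistrationView hunk the new response property is named `redirect_uri`, while the endpoint binds the same field from the request parameter `redirect_uris` (see the `@InitBinder` list later in this patch), so a client that round-trips its own registration will not find the value under the name it sent. Unless the singular form is deliberate for the response, `obj.addProperty("redirect_uris", Joiner.on(" ").join(client.getRegisteredRedirectUri()));` keeps the two sides consistent. The same single-space joiner is now used for both `scope` and the redirect URIs, so a short comment noting that elements are assumed to contain no whitespace would help the next reader. The enclosing render method starts and ends outside the hunk.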
@@ -194,6 +195,9 @@ public class ClientDynamicRegistrationEndpoint { @RequestParam(value = "token_endpoint_auth_type", required = false) AuthType tokenEndpointAuthType, @RequestParam(value = "policy_url", required = false) String policyUrl, + @RequestParam(value = "scope", required = false) Set scope, + @RequestParam(value = "grant_type", required = false) Set grantType, + @RequestParam(value = "jwk_url", required = false) String jwkUrl, @RequestParam(value = "jwk_encryption_url", required = false) String jwkEncryptionUrl, @RequestParam(value = "x509_url", required = false) String x509Url, 
@@ -252,13 +256,24 @@ public class ClientDynamicRegistrationEndpoint { client.setRequireAuthTime(requireAuthTime); client.setDefaultACR(defaultAcr); + if (scope != null) { + // TODO: check against some kind of scope service for scope validity + client.setScope(scope); + } else { + client.setScope(Sets.newHashSet("openid", "phone", "address", "profile", "email")); // provision all scopes + } + if (grantType != null) { + // TODO: check against some kind of grant type service for validity + client.setAuthorizedGrantTypes(grantType); + } else { + client.setAuthorizedGrantTypes(Sets.newHashSet("authorization_code", "refresh_token")); // allow authorization code and refresh token grant types + } + // defaults for SECOAUTH functionality // TODO: extensions to request, or configuration? - client.setScope(Sets.newHashSet("openid", "phone", "address", "profile", "email")); // provision all scopes - client.setAccessTokenValiditySeconds(3600); // access tokens good for 1hr - client.setIdTokenValiditySeconds(600); // id tokens good for 10min + client.setAccessTokenValiditySeconds((int)TimeUnit.HOURS.toSeconds(1)); // access tokens good for 1hr + client.setIdTokenValiditySeconds((int)TimeUnit.MINUTES.toSeconds(10)); // id tokens good for 10min client.setRefreshTokenValiditySeconds(null); // refresh tokens good until revoked - client.setAuthorizedGrantTypes(Sets.newHashSet("authorization_code", "refresh_token")); // allow authoirzation code and refresh token grant types client.setDynamicallyRegistered(true); 
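Review bot: The requested `scope` and `grantType` sets are copied straight onto the client with only a TODO where validation should be, so a registration request can obtain any scope string and any grant type instead of the `openid`/`profile`/... and `authorization_code`/`refresh_token` defaults that apply when the parameters are absent; the update hunk at @@ -400 repeats the same pattern. Until a scope/grant-type service exists, the default sets already on these lines can act as the allow-list: reject the registration, or at least trim the input, when `scope` or `grantType` contains values outside them, e.g. `client.setScope(Sets.newHashSet(Sets.intersection(scope, allowedScopes)));` where `allowedScopes` (placeholder name) holds the default set, with the equivalent for grant types. If trimming is chosen, log what was dropped so the effective grant is traceable; the registration response already echoes `scope`, so the client will see the result. The enclosing method starts and ends outside the hunk.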
@@ -343,6 +358,9 @@ public class ClientDynamicRegistrationEndpoint { @RequestParam(value = "token_endpoint_auth_type", required = false) AuthType tokenEndpointAuthType, @RequestParam(value = "policy_url", required = false) String policyUrl, + @RequestParam(value = "scope", required = false) Set scope, + @RequestParam(value = "grant_type", required = false) Set grantType, + @RequestParam(value = "jwk_url", required = false) String jwkUrl, @RequestParam(value = "jwk_encryption_url", required = false) String jwkEncryptionUrl, @RequestParam(value = "x509_url", required = false) String x509Url, @@ -400,6 +418,17 @@ public class ClientDynamicRegistrationEndpoint { client.setRequireAuthTime(requireAuthTime); client.setDefaultACR(defaultAcr); + if (scope != null) { + // TODO: check against some kind of scope service for scope validity + client.setScope(scope); + } else { + } + if (grantType != null) { + // TODO: check against some kind of grant type service for validity + client.setAuthorizedGrantTypes(grantType); + } else { + } + ClientDetailsEntity saved = clientService.updateClient(client, client); model.put("fullClient", Boolean.TRUE);
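Review bot: Both new `else { }` branches in the @@ -400 update hunk are empty and should be removed, leaving `if (scope != null) { client.setScope(scope); }` and the grant-type equivalent; an empty else reads as a forgotten default rather than a deliberate "keep the existing value". If preserving the stored value on an omitted parameter is the intent, state it in the comment, because whether that actually preserves or clears the existing scope depends on how `client` was populated before this point, which lies outside the hunk. The enclosing method continues past the hunk.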