more sanity checking for client secrets
parent
cac645484f
commit
47cc005fe5
|
@ -171,11 +171,31 @@ public class ClientAPI {
|
|||
client = clientService.generateClientSecret(client);
|
||||
}
|
||||
|
||||
} else {
|
||||
// otherwise (PRIVATE_KEY or NONE), we shouldn't have a secret for this client
|
||||
} else if (client.getTokenEndpointAuthMethod().equals(AuthMethod.PRIVATE_KEY)) {
|
||||
|
||||
if (Strings.isNullOrEmpty(client.getJwksUri())) {
|
||||
logger.error("tried to create client with private key auth but no private key");
|
||||
m.addAttribute("code", HttpStatus.BAD_REQUEST);
|
||||
m.addAttribute("errorMessage", "Can not create a client with private key authentication without registering a key via the JWS Set URI.");
|
||||
return "jsonErrorView";
|
||||
}
|
||||
|
||||
// otherwise we shouldn't have a secret for this client
|
||||
client.setClientSecret(null);
|
||||
|
||||
} else if (client.getTokenEndpointAuthMethod().equals(AuthMethod.NONE)) {
|
||||
// we shouldn't have a secret for this client
|
||||
|
||||
client.setClientSecret(null);
|
||||
|
||||
} else {
|
||||
|
||||
logger.error("unknown auth method");
|
||||
m.addAttribute("code", HttpStatus.BAD_REQUEST);
|
||||
m.addAttribute("errorMessage", "Unknown auth method requested");
|
||||
return "jsonErrorView";
|
||||
|
||||
|
||||
}
|
||||
|
||||
// set owners as current logged in user if owners aren't set otherwise
|
||||
|
@ -255,11 +275,31 @@ public class ClientAPI {
|
|||
client = clientService.generateClientSecret(client);
|
||||
}
|
||||
|
||||
} else {
|
||||
// otherwise (PRIVATE_KEY or NONE), we shouldn't have a secret for this client
|
||||
} else if (client.getTokenEndpointAuthMethod().equals(AuthMethod.PRIVATE_KEY)) {
|
||||
|
||||
if (Strings.isNullOrEmpty(client.getJwksUri())) {
|
||||
logger.error("tried to create client with private key auth but no private key");
|
||||
m.addAttribute("code", HttpStatus.BAD_REQUEST);
|
||||
m.addAttribute("errorMessage", "Can not create a client with private key authentication without registering a key via the JWS Set URI.");
|
||||
return "jsonErrorView";
|
||||
}
|
||||
|
||||
// otherwise we shouldn't have a secret for this client
|
||||
client.setClientSecret(null);
|
||||
|
||||
} else if (client.getTokenEndpointAuthMethod().equals(AuthMethod.NONE)) {
|
||||
// we shouldn't have a secret for this client
|
||||
|
||||
client.setClientSecret(null);
|
||||
|
||||
} else {
|
||||
|
||||
logger.error("unknown auth method");
|
||||
m.addAttribute("code", HttpStatus.BAD_REQUEST);
|
||||
m.addAttribute("errorMessage", "Unknown auth method requested");
|
||||
return "jsonErrorView";
|
||||
|
||||
|
||||
}
|
||||
|
||||
// set owners as current logged in user if owners aren't set otherwise
|
||||
|
|
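Review bot: The PRIVATE_KEY branch accepts any non-empty `jwksUri`, because `Strings.isNullOrEmpty(client.getJwksUri())` is the only check in both hunks (@171 and @255), so a malformed or plain-`http` value still passes registration. If the server later dereferences that URI to fetch the client's keys (not visible here), it should be parsed with `java.net.URI` at this point and rejected with the same `jsonErrorView` / `HttpStatus.BAD_REQUEST` response unless the scheme is `https`. The identical if/else chain is pasted into both hunks; a single private helper would keep the two paths from drifting, and the second copy logs "tried to create client" although it looks like a different (presumably update) path. The user-facing message says "JWS Set URI" where the field is the JWK Set URI, and `logger.error("unknown auth method")` would be easier to triage if it included the enum value and client id. Both enclosing methods begin and end outside the hunks, so whether `getTokenEndpointAuthMethod()` can be null before these `.equals(...)` calls cannot be confirmed from here.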