github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

more sanity checking for client secrets

pull/618/head
Justin Richer 2014-06-09 16:06:57 -04:00
parent cac645484f
commit 47cc005fe5
1 changed files with 44 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java
View File

@ -171,11 +171,31 @@ public class ClientAPI {
client = clientService.generateClientSecret(client); client = clientService.generateClientSecret(client);
} }
} else { } else if (client.getTokenEndpointAuthMethod().equals(AuthMethod.PRIVATE_KEY)) {
// otherwise (PRIVATE_KEY or NONE), we shouldn't have a secret for this client
if (Strings.isNullOrEmpty(client.getJwksUri())) {
logger.error("tried to create client with private key auth but no private key");
m.addAttribute("code", HttpStatus.BAD_REQUEST);
m.addAttribute("errorMessage", "Can not create a client with private key authentication without registering a key via the JWS Set URI.");
return "jsonErrorView";
}
// otherwise we shouldn't have a secret for this client
client.setClientSecret(null);
} else if (client.getTokenEndpointAuthMethod().equals(AuthMethod.NONE)) {
// we shouldn't have a secret for this client
client.setClientSecret(null); client.setClientSecret(null);
} else {
logger.error("unknown auth method");
m.addAttribute("code", HttpStatus.BAD_REQUEST);
m.addAttribute("errorMessage", "Unknown auth method requested");
return "jsonErrorView";
} }
// set owners as current logged in user if owners aren't set otherwise // set owners as current logged in user if owners aren't set otherwise
@ -255,11 +275,31 @@ public class ClientAPI {
client = clientService.generateClientSecret(client); client = clientService.generateClientSecret(client);
} }
} else { } else if (client.getTokenEndpointAuthMethod().equals(AuthMethod.PRIVATE_KEY)) {
// otherwise (PRIVATE_KEY or NONE), we shouldn't have a secret for this client
if (Strings.isNullOrEmpty(client.getJwksUri())) {
logger.error("tried to create client with private key auth but no private key");
m.addAttribute("code", HttpStatus.BAD_REQUEST);
m.addAttribute("errorMessage", "Can not create a client with private key authentication without registering a key via the JWS Set URI.");
return "jsonErrorView";
}
// otherwise we shouldn't have a secret for this client
client.setClientSecret(null);
} else if (client.getTokenEndpointAuthMethod().equals(AuthMethod.NONE)) {
// we shouldn't have a secret for this client
client.setClientSecret(null); client.setClientSecret(null);
} else {
logger.error("unknown auth method");
m.addAttribute("code", HttpStatus.BAD_REQUEST);
m.addAttribute("errorMessage", "Unknown auth method requested");
return "jsonErrorView";
} }
// set owners as current logged in user if owners aren't set otherwise // set owners as current logged in user if owners aren't set otherwise