From 49a7db6c6efdccea621c40c95093adf878d6d62c Mon Sep 17 00:00:00 2001 From: Justin Richer Date: Wed, 27 Nov 2013 11:37:07 -0500 Subject: [PATCH] Sanity check on client template object for dynamic registration client-side service --- .../DynamicRegistrationClientConfigurationService.java | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/DynamicRegistrationClientConfigurationService.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/DynamicRegistrationClientConfigurationService.java index 7877a72f8..748f62de3 100644 --- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/DynamicRegistrationClientConfigurationService.java +++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/DynamicRegistrationClientConfigurationService.java @@ -60,7 +60,6 @@ public class DynamicRegistrationClientConfigurationService implements ClientConf private RegisteredClientService registeredClientService = new InMemoryRegisteredClientService(); - // TODO: make sure the template doesn't have "client_id", "client_secret", or "registration_access_token" set on it already private RegisteredClient template; private Set whitelist = new HashSet(); @@ -99,6 +98,13 @@ public class DynamicRegistrationClientConfigurationService implements ClientConf * @param template the template to set */ public void setTemplate(RegisteredClient template) { + // make sure the template doesn't have unwanted fields set on it + if (template != null) { + template.setClientId(null); + template.setClientSecret(null); + template.setRegistrationClientUri(null); + template.setRegistrationAccessToken(null); + } this.template = template; }