From 4dedec76ecba17bcee70ef6a39f182bd48ffed79 Mon Sep 17 00:00:00 2001
From: Justin Richer <jricher@mitre.org>
Date: Wed, 13 Mar 2013 17:17:15 -0400
Subject: [PATCH] moved back to form variables for auth because rest template
 is dumb

---
 .../client/OIDCAuthenticationFilter.java      | 42 ++++++++++---------
 1 file changed, 22 insertions(+), 20 deletions(-)

diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationFilter.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationFilter.java
index 7d7ef15ed..e88e152b6 100644
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationFilter.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationFilter.java
@@ -150,6 +150,8 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
 		HttpSession session = request.getSession();
 		
 		String issuer = issuerService.getIssuer(request);
+		session.setAttribute(ISSUER_SESSION_VARIABLE, issuer);
+		
 		ServerConfiguration serverConfig = servers.getServerConfiguration(issuer);
 		ClientDetails clientConfig = clients.getClientConfiguration(issuer);
 
@@ -199,26 +201,6 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
 		ServerConfiguration serverConfig = servers.getServerConfiguration(issuer);
 		ClientDetails clientConfig = clients.getClientConfiguration(issuer);
 		
-		
-		// Handle Token Endpoint interaction
-		DefaultHttpClient httpClient = new DefaultHttpClient();
-
-		httpClient.getParams().setParameter("http.socket.timeout", new Integer(httpSocketTimeout));
-
-		
-		UsernamePasswordCredentials credentials = new UsernamePasswordCredentials(clientConfig.getClientId(), clientConfig.getClientSecret());
-		httpClient.getCredentialsProvider().setCredentials(AuthScope.ANY, credentials);
-
-		/* Alternatively, use form-based auth:
-		 *
-		form.add("client_id", serverConfig.getClientId());
-		form.add("client_secret", serverConfig.getClientSecret());
-		 */
-
-		HttpComponentsClientHttpRequestFactory factory = new HttpComponentsClientHttpRequestFactory(httpClient);
-
-		RestTemplate restTemplate = new RestTemplate(factory);
-
 		MultiValueMap<String, String> form = new LinkedMultiValueMap<String, String>();
 		form.add("grant_type", "authorization_code");
 		form.add("code", authorizationCode);
@@ -227,6 +209,26 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
 		if (redirectUri != null) {
 			form.add("redirect_uri", redirectUri);
 		}
+		
+		// Handle Token Endpoint interaction
+		DefaultHttpClient httpClient = new DefaultHttpClient();
+
+		httpClient.getParams().setParameter("http.socket.timeout", new Integer(httpSocketTimeout));
+
+		/* Use these for basic auth:
+		 * 
+		UsernamePasswordCredentials credentials = new UsernamePasswordCredentials(clientConfig.getClientId(), clientConfig.getClientSecret());
+		httpClient.getCredentialsProvider().setCredentials(AuthScope.ANY, credentials);
+		 */
+		/* Alternatively, use form-based auth:
+		 */
+		form.add("client_id", clientConfig.getClientId());
+		form.add("client_secret", clientConfig.getClientSecret());
+		 /**/
+
+		HttpComponentsClientHttpRequestFactory factory = new HttpComponentsClientHttpRequestFactory(httpClient);
+
+		RestTemplate restTemplate = new RestTemplate(factory);
 
 		logger.debug("tokenEndpointURI = " + serverConfig.getTokenEndpointUri());
 		logger.debug("form = " + form);