Move extension parameters into OAuth2Request.extensions map; remove all calls to OAuth2Request.getRequestParameters.

2013-09-17 10:53:33 -04:00 · 2013-09-17 10:53:33 -04:00 · 66e837f650
parent c98f77c405
commit 66e837f650
5 changed files with 21 additions and 11 deletions
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java
@ -19,7 +19,6 @@
 */
 package org.mitre.oauth2.web;

-import java.util.HashMap;
 import java.util.LinkedHashSet;
 import java.util.Map;
 import java.util.Set;
@ -72,8 +71,7 @@ public class OAuthConfirmationController {

 		// Check the "prompt" parameter to see if we need to do special processing

-		// TODO (issue #450)
-		String prompt = clientAuth.getRequestParameters().get("prompt");
+		String prompt = (String)clientAuth.getExtensions().get("prompt");
 		if ("none".equals(prompt)) {
 			// we're not supposed to prompt, so "return an error"
 			logger.info("Client requested no prompt, returning 403 from confirmation endpoint");
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/ConnectOAuth2RequestFactory.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/ConnectOAuth2RequestFactory.java
@ -16,6 +16,7 @@
 ******************************************************************************/
 package org.mitre.openid.connect;

+import java.io.Serializable;
 import java.security.NoSuchAlgorithmException;
 import java.security.spec.InvalidKeySpecException;
 import java.text.ParseException;
@ -34,7 +35,6 @@ import org.mitre.oauth2.service.SystemScopeService;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.authentication.AuthenticationServiceException;
 import org.springframework.security.oauth2.common.exceptions.InvalidClientException;
 import org.springframework.security.oauth2.common.util.OAuth2Utils;
 import org.springframework.security.oauth2.provider.AuthorizationRequest;
@ -45,6 +45,7 @@ import org.springframework.stereotype.Component;

 import com.google.common.base.Strings;
 import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.Maps;
 import com.nimbusds.jose.Algorithm;
 import com.nimbusds.jose.JWEObject.State;
 import com.nimbusds.jose.JWSAlgorithm;
@ -120,6 +121,20 @@ public class ConnectOAuth2RequestFactory extends DefaultOAuth2RequestFactory {

 		request.setScope(scopes);
 		
+		//Add extension parameters to the 'extensions' map
+		Map<String, Serializable> extensions = Maps.newHashMap();
+		if (parameters.containsKey("prompt")) {
+			extensions.put("prompt", parameters.get("prompt"));
+		}
+		if (parameters.containsKey("request")) {
+			extensions.put("request", parameters.get("request"));
+		}
+		if (parameters.containsKey("nonce")) {
+			extensions.put("nonce", parameters.get("nonce"));
+		}
+		
+		request.setExtensions(extensions);
+
 		return request;
 	}

--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectTokenEnhancer.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectTokenEnhancer.java
@ -137,14 +137,12 @@ public class ConnectTokenEnhancer implements TokenEnhancer {
 			idClaims.setSubject(userInfo.getSub());
 			idClaims.setAudience(Lists.newArrayList(clientId));

-
-			// TODO: issue #450
-			String nonce = originalAuthRequest.getRequestParameters().get("nonce");
+			String nonce = (String)originalAuthRequest.getExtensions().get("nonce");
 			if (!Strings.isNullOrEmpty(nonce)) {
 				idClaims.setCustomClaim("nonce", nonce);
 			}

-			// TODO: this ought to be getResponseType
+			// TODO: this ought to be getResponseType; issue #482
 			String responseType = authentication.getOAuth2Request().getRequestParameters().get("response_type");
 			
 			Set<String> responseTypes = OAuth2Utils.parseParameterList(responseType);
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/token/TofuUserApprovalHandler.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/token/TofuUserApprovalHandler.java
@ -126,8 +126,7 @@ public class TofuUserApprovalHandler implements UserApprovalHandler {
 		boolean alreadyApproved = false;

 		// find out if we're supposed to force a prompt on the user or not
-		// TODO (issue #450)
-		String prompt = authorizationRequest.getRequestParameters().get("prompt");
+		String prompt = (String) authorizationRequest.getExtensions().get("prompt");
 		if (!"consent".equals(prompt)) {
 			// if the prompt parameter is set to "consent" then we can't use approved sites or whitelisted sites
 			// otherwise, we need to check them below
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java
@ -73,7 +73,7 @@ public class UserInfoEndpoint {
 		}

 		model.addAttribute("scope", auth.getOAuth2Request().getScope());
-		model.addAttribute("requestObject", auth.getOAuth2Request().getRequestParameters().get("request"));
+		model.addAttribute("requestObject", auth.getOAuth2Request().getExtensions().get("request"));

 		model.addAttribute("userInfo", userInfo);