Make the dual client support configurable
parent
a80953a2d4
commit
7b34a666d9
|
@ -56,7 +56,9 @@ public class ConfigurationPropertiesBean {
|
|||
|
||||
private Locale locale = Locale.ENGLISH; // we default to the english translation
|
||||
|
||||
public ConfigurationPropertiesBean() {
|
||||
public boolean dualClient = false;
|
||||
|
||||
public ConfigurationPropertiesBean() {
|
||||
|
||||
}
|
||||
|
||||
|
@ -168,4 +170,18 @@ public class ConfigurationPropertiesBean {
|
|||
public void setLocale(Locale locale) {
|
||||
this.locale = locale;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return true if dual client is configured, otherwise false
|
||||
*/
|
||||
public boolean isDualClient() {
|
||||
return dualClient;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param dualClient the dual client configuration
|
||||
*/
|
||||
public void setDualClient(boolean dualClient) {
|
||||
this.dualClient = dualClient;
|
||||
}
|
||||
}
|
||||
|
|
|
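Review bot: The new field `public boolean dualClient = false;` is declared public, although the neighbouring `locale` field is private and the same change adds `isDualClient()` and `setDualClient()`; it should be `private boolean dualClient = false;` so the flag can only change through the setter. This flag decides which grant-type combinations dynamic client registration accepts, so a writable public field on a shared configuration bean lets any code holding the bean change it without going through the configured property. The accessor Javadoc could also state what the flag means, for example `Whether dynamically registered clients may combine client_credentials with authorization_code or implicit.`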
@ -49,6 +49,10 @@
|
|||
<!-- This property sets the locale for server text -->
|
||||
<!-- <property name="locale" value="sv" /> -->
|
||||
|
||||
<!-- This property indicates if a dynamically registered client supports dual flows, such as client_credentials
|
||||
at the same time with authorization_code or implicit -->
|
||||
<property name="dualClient" value="false"/>
|
||||
|
||||
</bean>
|
||||
|
||||
</beans>
|
||||
|
|
|
@ -394,11 +394,14 @@ public class DynamicClientRegistrationEndpoint {
|
|||
// set default grant types if needed
|
||||
if (newClient.getGrantTypes() == null || newClient.getGrantTypes().isEmpty()) {
|
||||
if (newClient.getScope().contains("offline_access")) { // client asked for offline access
|
||||
// allow authorization code, client credentials and refresh token grant types by default
|
||||
newClient.setGrantTypes(Sets.newHashSet("authorization_code", "client_credentials", "refresh_token"));
|
||||
newClient.setGrantTypes(Sets.newHashSet("authorization_code", "refresh_token")); // allow authorization code and refresh token grant types by default
|
||||
} else {
|
||||
// allow authorization code grant type by default
|
||||
newClient.setGrantTypes(Sets.newHashSet("authorization_code", "client_credentials"));
|
||||
newClient.setGrantTypes(Sets.newHashSet("authorization_code")); // allow authorization code grant type by default
|
||||
}
|
||||
if (config.isDualClient()) {
|
||||
Set<String> extendedGrandTypes = newClient.getGrantTypes();
|
||||
extendedGrandTypes.add("client_credentials");
|
||||
newClient.setGrantTypes(extendedGrandTypes);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -420,7 +423,8 @@ public class DynamicClientRegistrationEndpoint {
|
|||
if (newClient.getGrantTypes().contains("authorization_code")) {
|
||||
|
||||
// check for incompatible grants
|
||||
if (newClient.getGrantTypes().contains("implicit")) {
|
||||
if (newClient.getGrantTypes().contains("implicit") ||
|
||||
(!config.isDualClient() && newClient.getGrantTypes().contains("client_credentials"))) {
|
||||
// return an error, you can't have these grant types together
|
||||
throw new ValidationException("invalid_client_metadata", "Incompatible grant types requested: " + newClient.getGrantTypes(), HttpStatus.BAD_REQUEST);
|
||||
}
|
||||
|
@ -436,7 +440,8 @@ public class DynamicClientRegistrationEndpoint {
|
|||
if (newClient.getGrantTypes().contains("implicit")) {
|
||||
|
||||
// check for incompatible grants
|
||||
if (newClient.getGrantTypes().contains("authorization_code")) {
|
||||
if (newClient.getGrantTypes().contains("authorization_code") ||
|
||||
(!config.isDualClient() && newClient.getGrantTypes().contains("client_credentials"))) {
|
||||
// return an error, you can't have these grant types together
|
||||
throw new ValidationException("invalid_client_metadata", "Incompatible grant types requested: " + newClient.getGrantTypes(), HttpStatus.BAD_REQUEST);
|
||||
}
|
||||
|
@ -454,7 +459,14 @@ public class DynamicClientRegistrationEndpoint {
|
|||
}
|
||||
|
||||
if (newClient.getGrantTypes().contains("client_credentials")) {
|
||||
|
||||
|
||||
// check for incompatible grants
|
||||
if (!config.isDualClient() &&
|
||||
(newClient.getGrantTypes().contains("authorization_code") || newClient.getGrantTypes().contains("implicit"))) {
|
||||
// return an error, you can't have these grant types together
|
||||
throw new ValidationException("invalid_client_metadata", "Incompatible grant types requested: " + newClient.getGrantTypes(), HttpStatus.BAD_REQUEST);
|
||||
}
|
||||
|
||||
if (!newClient.getResponseTypes().isEmpty()) {
|
||||
// return an error, you can't have this grant type and response type together
|
||||
throw new ValidationException("invalid_client_metadata", "Incompatible response types requested: " + newClient.getGrantTypes() + " / " + newClient.getResponseTypes(), HttpStatus.BAD_REQUEST);
|
||||
|
|
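Review bot: The response-type check at the end of the `client_credentials` branch (`if (!newClient.getResponseTypes().isEmpty())`) is left unconditional, so with `dualClient` enabled a registration that combines `client_credentials` with `authorization_code` or `implicit` and carries any response type is still rejected with "Incompatible response types requested". Apply the check only when no interactive grant is present, e.g. `boolean interactive = newClient.getGrantTypes().contains("authorization_code") || newClient.getGrantTypes().contains("implicit");` followed by `if (!interactive && !newClient.getResponseTypes().isEmpty()) {`. Separately, dual mode also accepts `implicit` together with `client_credentials`; implicit clients are usually public clients that cannot keep a secret, so it is worth confirming (outside these hunks) that such a client is registered with a confidential token-endpoint authentication method, or limiting dual mode to `authorization_code`. The local `extendedGrandTypes` in the default-grant hunk looks like a typo for `extendedGrantTypes`. The enclosing method starts and ends outside the hunks shown.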