diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultDeviceCodeService.java b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultDeviceCodeService.java
index 8020de7a6..1d8f6282e 100644
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultDeviceCodeService.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultDeviceCodeService.java
@@ -90,22 +90,26 @@ public class DefaultDeviceCodeService implements DeviceCodeService {
* @see org.mitre.oauth2.service.DeviceCodeService#consumeDeviceCode(java.lang.String, org.springframework.security.oauth2.provider.ClientDetails)
*/
@Override
- public DeviceCode consumeDeviceCode(String deviceCode, ClientDetails client) {
+ public DeviceCode findDeviceCode(String deviceCode, ClientDetails client) {
DeviceCode found = repository.getByDeviceCode(deviceCode);
- // make sure it's not used twice
- repository.remove(found);
-
- if (found.getClientId().equals(client.getClientId())) {
- // make sure the client matches, if so, we're good
- return found;
+ if (found != null) {
+ if (found.getClientId().equals(client.getClientId())) {
+ // make sure the client matches, if so, we're good
+ return found;
+ } else {
+ // if the clients don't match, pretend the code wasn't found
+ return null;
+ }
} else {
- // if the clients don't match, pretend the code wasn't found
+ // didn't find the code, return null
return null;
}
}
+
+
/* (non-Javadoc)
* @see org.mitre.oauth2.service.DeviceCodeService#clearExpiredDeviceCodes()
*/
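Review bot: The `@see` reference in the comment directly above the renamed method still points at `DeviceCodeService#consumeDeviceCode`, which no longer matches `findDeviceCode`. Assuming the interface method was renamed as well (the `@Override` suggests so), it should read `@see org.mitre.oauth2.service.DeviceCodeService#findDeviceCode(java.lang.String, org.springframework.security.oauth2.provider.ClientDetails)`. Since the method no longer removes the code, a comment such as `// read-only lookup: the caller must call clearDeviceCode once the code is expired or redeemed` would make the new contract explicit. The comment block opens outside this hunk.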
@@ -126,4 +130,18 @@ public class DefaultDeviceCodeService implements DeviceCodeService {
}.execute();
}
+ /* (non-Javadoc)
+ * @see org.mitre.oauth2.service.DeviceCodeService#clearDeviceCode(java.lang.String, org.springframework.security.oauth2.provider.ClientDetails)
+ */
+ @Override
+ public void clearDeviceCode(String deviceCode, ClientDetails client) {
+ DeviceCode found = findDeviceCode(deviceCode, client);
+
+ if (found != null) {
+ // make sure it's not used twice
+ repository.remove(found);
+ }
+
+ }
+
}
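Review bot: `clearDeviceCode` silently does nothing when the code is unknown or was issued to a different client, and the `(non-Javadoc)` comment does not say so, so a caller cannot tell whether the code was actually invalidated. It also repeats, through `findDeviceCode`, the repository lookup the granter has just performed, and the lookup and `repository.remove(found)` are two separate calls. I would document both facts, for example `// no-op if the code is unknown or belongs to another client; lookup and removal are separate repository calls`. Whether those calls run inside one transaction is not visible in this hunk.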
diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/token/DeviceTokenGranter.java b/openid-connect-server/src/main/java/org/mitre/oauth2/token/DeviceTokenGranter.java
index c9a6c2431..34fde5410 100644
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/token/DeviceTokenGranter.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/token/DeviceTokenGranter.java
@@ -70,13 +70,15 @@ public class DeviceTokenGranter extends AbstractTokenGranter {
String deviceCode = tokenRequest.getRequestParameters().get("device_code");
// look up the device code and consume it
- DeviceCode dc = deviceCodeService.consumeDeviceCode(deviceCode, client);
+ DeviceCode dc = deviceCodeService.findDeviceCode(deviceCode, client);
if (dc != null) {
// make sure the code hasn't expired yet
if (dc.getExpiration() != null && dc.getExpiration().before(new Date())) {
- // TODO: return an error
+
+ deviceCodeService.clearDeviceCode(deviceCode, client);
+
throw new DeviceCodeExpiredException("Device code has expired " + deviceCode);
} else if (!dc.isApproved()) {
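Review bot: The device code is no longer invalidated at lookup, because `findDeviceCode` only reads it and on the success path it is removed after the `OAuth2Authentication` has been built (the `clearDeviceCode` call in the following hunk), so two token requests presenting the same `device_code` concurrently may both pass the `dc != null` and approval checks before either removal runs. Whether a transaction or a repository constraint closes that window is not visible here. Single use is easier to guarantee when the removal itself is the deciding step, for instance a service method that removes the code and reports whether this call performed the removal, with the grant proceeding only in that case. The comment `// look up the device code and consume it` is also stale now and could read `// look up the device code; it is cleared once it has expired or been redeemed`. The enclosing method starts and ends outside this hunk.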
@@ -90,6 +92,8 @@ public class DeviceTokenGranter extends AbstractTokenGranter {
OAuth2Authentication auth = new OAuth2Authentication(getRequestFactory().createOAuth2Request(client, tokenRequest), dc.getAuthenticationHolder().getUserAuth());
+ deviceCodeService.clearDeviceCode(deviceCode, client);
+
return auth;
}
} else {