fixed default token lifetimes for heart mode

pull/1046/head
Justin Richer 2016-03-18 22:02:28 -04:00
parent 9691f02772
commit 89316cbab1
4 changed files with 26 additions and 8 deletions


@ -495,7 +495,8 @@ var AppRouter = Backbone.Router.extend({
defaultMaxAge:60000,
scope: _.uniq(_.flatten(app.systemScopeList.defaultScopes().pluck("value"))),
accessTokenValiditySeconds:3600,
idTokenValiditySeconds:600,
refreshTokenValiditySeconds:24*3600,
idTokenValiditySeconds:300,
grantTypes: ["authorization_code"],
responseTypes: ["code"],
subjectType: "PUBLIC",
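Review bot: `refreshTokenValiditySeconds:24*3600` and `idTokenValiditySeconds:300` are bare magic numbers that duplicate the authorization_code lifetimes set in DynamicClientRegistrationEndpoint in the same commit (1h access / 5min id / 24h refresh), with nothing recording that the two places must stay in step; if one is later changed without the other, UI-created and dynamically registered clients silently get different lifetimes. I would add `// HEART authorization_code defaults: keep in sync with DynamicClientRegistrationEndpoint` above `accessTokenValiditySeconds:3600,`. These values only prefill the client form, so whatever the server enforces on save remains the authoritative limit; this is a consistency point rather than an enforcement one. The object literal these properties belong to starts and ends outside the hunk.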


@ -426,7 +426,7 @@
<div class="controls">
<% if (!heartMode) { %>
<div>
<input type="radio" id="tokenEndpointAuthMethodBasic" name="tokenEndpointAuthMethod" value="SECRET_BASIC" <%-((client.tokenEndpointAuthMethod == 'SECRET_BASIC') || (!tokenEndpointAuthMethod) ? 'checked' : '')%>>
<input type="radio" id="tokenEndpointAuthMethodBasic" name="tokenEndpointAuthMethod" value="SECRET_BASIC" <%-((client.tokenEndpointAuthMethod == 'SECRET_BASIC') || (!client.tokenEndpointAuthMethod) ? 'checked' : '')%>>
<label for="tokenEndpointAuthMethodBasic" class="radio" data-i18n="client.client-form.secret-http">Client Secret over HTTP Basic</label>
</div>
<div>
@ -439,7 +439,7 @@
</div>
<% } %>
<div>
<input type="radio" id="tokenEndpointAuthMethodAssym" name="tokenEndpointAuthMethod" value="PRIVATE_KEY" <%-((client.tokenEndpointAuthMethod == 'PRIVATE_KEY') || (heartMode && !tokenEndpointAuthMethod) ? 'checked' : '')%>>
<input type="radio" id="tokenEndpointAuthMethodAssym" name="tokenEndpointAuthMethod" value="PRIVATE_KEY" <%-((client.tokenEndpointAuthMethod == 'PRIVATE_KEY') || (heartMode && !client.tokenEndpointAuthMethod) ? 'checked' : '')%>>
<label for="tokenEndpointAuthMethodAssym" class="radio" data-i18n="client.client-form.secret-asymmetric-jwt">Asymmetrically-signed JWT assertion</label>
</div>
<div>
@ -591,7 +591,7 @@
<label for="disableRefreshTokenTimeout" class="checkbox" data-i18n="client.client-form.refresh-tokens-no-expire">Refresh tokens do not time out</label>
</div>
<div>
<input type="text" class="" value="<%-(client.refreshTokenValiditySeconds == null ? '' : refreshTokenValiditySeconds)%>" id="refresh-token-timeout-time" size="16" style="width:8em;">
<input type="text" class="" value="<%-(client.refreshTokenValiditySeconds == null ? '' : client.refreshTokenValiditySeconds)%>" id="refresh-token-timeout-time" size="16" style="width:8em;">
<select id="refresh-token-timeout-unit" style="width:8em;">
<option data-i18n="client.client-form.seconds">seconds</option>
<option data-i18n="client.client-form.minutes">minutes</option>
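Review bot: The corrected `(client.tokenEndpointAuthMethod == 'SECRET_BASIC')` and the PRIVATE_KEY radio below it keep a loose `==` where both operands are strings, and `!client.tokenEndpointAuthMethod` is a truthiness test on a possibly unset field; `===` and `client.tokenEndpointAuthMethod == null` would state the intent without coercion. The same pattern appears in the `private_key_jwt` radio of the other template hunk in this commit. With the fallback now reading the client model instead of an undefined template variable, a heart-mode client with no auth method set is pre-checked as asymmetric JWT, which is presumably the intended HEART behaviour and deserves a short note such as `<% /* HEART clients default to the asymmetric JWT method when none is set */ %>` above that radio. The enclosing form markup continues outside all three hunks.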


@ -333,7 +333,7 @@
</div>
<% } %>
<div>
<input type="radio" id="tokenEndpointAuthMethodAssym" name="tokenEndpointAuthMethod" value="private_key_jwt" <%-((client.token_endpoint_auth_method == 'private_key_jwt') || (heartMode && !tokenEndpointAuthMethod) ? 'checked' : '')%>>
<input type="radio" id="tokenEndpointAuthMethodAssym" name="tokenEndpointAuthMethod" value="private_key_jwt" <%-((client.token_endpoint_auth_method == 'private_key_jwt') || (heartMode && !client.tokenEndpointAuthMethod) ? 'checked' : '')%>>
<label for="tokenEndpointAuthMethodAssym" class="radio" data-i18n="client.client-form.secret-asymmetric-jwt">Asymmetrically-signed JWT assertion</label>
</div>
<div>


@ -153,9 +153,26 @@ public class DynamicClientRegistrationEndpoint {
}
// set some defaults for token timeouts
newClient.setAccessTokenValiditySeconds((int)TimeUnit.HOURS.toSeconds(1)); // access tokens good for 1hr
newClient.setIdTokenValiditySeconds((int)TimeUnit.MINUTES.toSeconds(10)); // id tokens good for 10min
newClient.setRefreshTokenValiditySeconds(null); // refresh tokens good until revoked
if (config.isHeartMode()) {
// heart mode has different defaults depending on primary grant type
if (newClient.getGrantTypes().contains("authorization_code")) {
newClient.setAccessTokenValiditySeconds((int)TimeUnit.HOURS.toSeconds(1)); // access tokens good for 1hr
newClient.setIdTokenValiditySeconds((int)TimeUnit.MINUTES.toSeconds(5)); // id tokens good for 5min
newClient.setRefreshTokenValiditySeconds((int)TimeUnit.HOURS.toSeconds(24)); // refresh tokens good for 24hr
} else if (newClient.getGrantTypes().contains("implicit")) {
newClient.setAccessTokenValiditySeconds((int)TimeUnit.MINUTES.toSeconds(15)); // access tokens good for 15min
newClient.setIdTokenValiditySeconds((int)TimeUnit.MINUTES.toSeconds(5)); // id tokens good for 5min
newClient.setRefreshTokenValiditySeconds(0); // no refresh tokens
} else if (newClient.getGrantTypes().contains("client_credentials")) {
newClient.setAccessTokenValiditySeconds((int)TimeUnit.HOURS.toSeconds(6)); // access tokens good for 6hr
newClient.setIdTokenValiditySeconds(0); // no id tokens
newClient.setRefreshTokenValiditySeconds(0); // no refresh tokens
}
} else {
newClient.setAccessTokenValiditySeconds((int)TimeUnit.HOURS.toSeconds(1)); // access tokens good for 1hr
newClient.setIdTokenValiditySeconds((int)TimeUnit.MINUTES.toSeconds(10)); // id tokens good for 10min
newClient.setRefreshTokenValiditySeconds(null); // refresh tokens good until revoked
}
// this client has been dynamically registered (obviously)
newClient.setDynamicallyRegistered(true);
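Review bot: In heart mode a client whose grant types include none of `authorization_code`, `implicit` or `client_credentials` now falls through all three branches with no lifetimes set, since the unconditional defaults that appear to have run before the `if (config.isHeartMode())` were removed; the old `setRefreshTokenValiditySeconds(null)` comment says a null validity means "good until revoked", so if the server treats a null access-token validity the same way such clients end up with non-expiring access tokens (confirm against the validity handling elsewhere). The branches are also order-dependent: a client listing both `authorization_code` and `implicit` gets the authorization_code lifetimes, which deserves a comment like `// first matching grant type wins; authorization_code takes precedence`. I would add a final `else` inside the heart-mode block that applies the most restrictive lifetimes already used on this page, or rejects the registration outright. The enclosing method continues beyond both ends of the hunk.
```java
} else if (newClient.getGrantTypes().contains("client_credentials")) {
    // … unchanged: client_credentials lifetimes …
} else {
    // no recognized primary grant type: fall back to the most restrictive HEART lifetimes
    newClient.setAccessTokenValiditySeconds((int)TimeUnit.MINUTES.toSeconds(15)); // access tokens good for 15min
    newClient.setIdTokenValiditySeconds(0); // no id tokens
    newClient.setRefreshTokenValiditySeconds(0); // no refresh tokens
}
```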