github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

added redelegate scope to client list, fixed inconsistency with refresh token issuance (addresses #239)

pull/263/head
Justin Richer 2012-12-10 16:53:05 -05:00
parent 510ddb48b7
commit 94c37f5815
4 changed files with 52 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ClientDetailsEntityService.java
View File

@ -33,6 +33,7 @@ import org.mitre.openid.connect.service.WhitelistedSiteService;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.oauth2.common.exceptions.InvalidClientException; import org.springframework.security.oauth2.common.exceptions.InvalidClientException;
import org.springframework.security.oauth2.common.exceptions.OAuth2Exception; import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
import org.springframework.security.oauth2.provider.refresh.RefreshTokenGranter;
import org.springframework.stereotype.Service; import org.springframework.stereotype.Service;
import com.google.common.base.Strings; import com.google.common.base.Strings;
@ -85,6 +86,18 @@ public class DefaultOAuth2ClientDetailsEntityService implements ClientDetailsEnt
client = generateClientId(client); client = generateClientId(client);
} }
// if the client is flagged to allow for refresh tokens, make sure it's got the right granted authority
if (client.isAllowRefresh()) {
client.getAuthorizedGrantTypes().add("refresh_token");
} else {
client.getAuthorizedGrantTypes().remove("refresh_token");
}
if (client.getAuthorizedGrantTypes().contains("refresh_token")) {
client.setAllowRefresh(true);
} else {
client.setAllowRefresh(false);
}
return clientRepository.saveClient(client); return clientRepository.saveClient(client);
} }
@ -156,6 +169,18 @@ public class DefaultOAuth2ClientDetailsEntityService implements ClientDetailsEnt
} }
} }
// if the client is flagged to allow for refresh tokens, make sure it's got the right granted authority
if (newClient.isAllowRefresh()) {
newClient.getAuthorizedGrantTypes().add("refresh_token");
} else {
newClient.getAuthorizedGrantTypes().remove("refresh_token");
}
if (newClient.getAuthorizedGrantTypes().contains("refresh_token")) {
newClient.setAllowRefresh(true);
} else {
newClient.setAllowRefresh(false);
}
return clientRepository.updateClient(oldClient.getId(), newClient); return clientRepository.updateClient(oldClient.getId(), newClient);
} }
throw new IllegalArgumentException("Neither old client or new client can be null!"); throw new IllegalArgumentException("Neither old client or new client can be null!");

1
openid-connect-server/src/main/resources/db/clients.sql
View File

@ -27,6 +27,7 @@ INSERT INTO redirect_uri_TEMP (owner_id, redirect_uri) VALUES
INSERT INTO authorized_grant_type_TEMP (owner_id, authorized_grant_type) VALUES INSERT INTO authorized_grant_type_TEMP (owner_id, authorized_grant_type) VALUES
('client', 'authorization_code'), ('client', 'authorization_code'),
('client', 'urn:ietf:params:oauth:grant_type:redelegate'),
('client', 'implicit'); ('client', 'implicit');
-- --

16
openid-connect-server/src/main/webapp/resources/js/admin.js
View File

@ -514,15 +514,24 @@
else return value; else return value;
}, },
// maps from a form-friendly name to the real grant parameter name
authorizedGrantMap:{
"authorization_code": "authorization_code",
"password": "password",
"implicit": "implicit",
"client_credentials": "client_credentials",
"redelegate": "urn:ietf:params:oauth:grant_type:redelegate"
},
saveClient:function (event) { saveClient:function (event) {
$('.control-group').removeClass('error'); $('.control-group').removeClass('error');
// build the grant type object // build the grant type object
var authorizedGrantTypes = []; var authorizedGrantTypes = [];
$.each(["authorization_code","client_credentials","password","implicit"],function(index,type) { $.each(["authorization_code","client_credentials","password","implicit","urn:ietf:params:oauth:grant_type:redelegate"],function(index,type) {
if ($('#authorizedGrantTypes-' + type).is(':checked')) { if ($('#authorizedGrantTypes-' + type).is(':checked')) {
authorizedGrantTypes.push(type); authorizedGrantTypes.push(authorizedGrantMap[type]);
} }
}); });
@ -548,6 +557,9 @@
var refreshTokenValiditySeconds = null; var refreshTokenValiditySeconds = null;
if ($('#allowRefresh').is(':checked') && !$('disableRefreshTokenTimeout').is(':checked')) { if ($('#allowRefresh').is(':checked') && !$('disableRefreshTokenTimeout').is(':checked')) {
refreshTokenValiditySeconds = this.getFormTokenValue($('#refreshTokenValiditySeconds input[type=text]').val()); refreshTokenValiditySeconds = this.getFormTokenValue($('#refreshTokenValiditySeconds input[type=text]').val());
if ($.inArray('refresh_token', authorizedGrantTypes) == -1) {
authorizedGrantTypes.push('refresh_token');
}
} }
var valid = this.model.set({ var valid = this.model.set({

11
openid-connect-server/src/main/webapp/resources/template/admin.html
View File

@ -179,6 +179,17 @@
<input id="authorizedGrantTypes-implicit" type="checkbox" <%=($.inArray("implicit", <input id="authorizedGrantTypes-implicit" type="checkbox" <%=($.inArray("implicit",
authorizedGrantTypes) > -1 ? 'checked' : '')%>> implicit authorizedGrantTypes) > -1 ? 'checked' : '')%>> implicit
</label> </label>
<!--
<label class="checkbox">
<input id="authorizedGrantTypes-refresh_token" type="checkbox" <%=($.inArray("refresh_token",
authorizedGrantTypes) > -1 ? 'checked' : '')%>> refresh
</label>
-->
<label class="checkbox">
<input id="authorizedGrantTypes-redelegate" type="checkbox" <%=($.inArray("urn:ietf:params:oauth:grant_type:redelegate",
authorizedGrantTypes) > -1 ? 'checked' : '')%>> redelegate
</label>
</div> </div>
</div> </div>