Made full URLs for device flow switchable server-wide instead of per-client

2018-05-03 14:37:50 -04:00 · 2018-05-03 14:37:50 -04:00 · a596cc1fd4
parent 7ad29ae9c6
commit a596cc1fd4
3 changed files with 30 additions and 7 deletions
--- a/openid-connect-common/src/main/java/org/mitre/openid/connect/config/ConfigurationPropertiesBean.java
+++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/config/ConfigurationPropertiesBean.java
@ -68,6 +68,8 @@ public class ConfigurationPropertiesBean {
 	private boolean dualClient = false;

 	private boolean heartMode = false;
+	
+	private boolean allowCompleteDeviceCodeUri = false;

 	public ConfigurationPropertiesBean() {

@ -257,4 +259,18 @@ public class ConfigurationPropertiesBean {
 	public void setHeartMode(boolean heartMode) {
 		this.heartMode = heartMode;
 	}
+
+	/**
+	 * @return the allowCompleteDeviceCodeUri
+	 */
+	public boolean isAllowCompleteDeviceCodeUri() {
+		return allowCompleteDeviceCodeUri;
+	}
+
+	/**
+	 * @param allowCompleteDeviceCodeUri the allowCompleteDeviceCodeUri to set
+	 */
+	public void setAllowCompleteDeviceCodeUri(boolean allowCompleteDeviceCodeUri) {
+		this.allowCompleteDeviceCodeUri = allowCompleteDeviceCodeUri;
+	}
 }
--- a/openid-connect-server-webapp/src/main/webapp/WEB-INF/server-config.xml
+++ b/openid-connect-server-webapp/src/main/webapp/WEB-INF/server-config.xml
@ -68,6 +68,10 @@
 		<!-- This property turns on HEART compliance mode -->
 		<!-- <property name="heartMode" value="true" /> -->

+        <!-- This property allows the server to create and accept fully-composed 
+        user URIs (with the user-code emebedded) for the device flow -->
+        <!-- <property name="allowCompleteDeviceCodeUri" value="true" /> -->
+
 	</bean>
 	
 </beans>
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/DeviceEndpoint.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/web/DeviceEndpoint.java
@ -138,18 +138,21 @@ public class DeviceEndpoint {
 		try {
 			DeviceCode dc = deviceCodeService.createNewDeviceCode(requestedScopes, client, parameters);

-			URI verificationUriComplete  = new URIBuilder(config.getIssuer() + USER_URL)
-				.addParameter("user_code", dc.getUserCode())
-				.build();
-
 			Map<String, Object> response = new HashMap<>();
 			response.put("device_code", dc.getDeviceCode());
 			response.put("user_code", dc.getUserCode());
 			response.put("verification_uri", config.getIssuer() + USER_URL);
-			response.put("verification_uri_complete", verificationUriComplete);
 			if (client.getDeviceCodeValiditySeconds() != null) {
 				response.put("expires_in", client.getDeviceCodeValiditySeconds());
 			}
+			
+			if (config.isAllowCompleteDeviceCodeUri()) {
+				URI verificationUriComplete  = new URIBuilder(config.getIssuer() + USER_URL)
+					.addParameter("user_code", dc.getUserCode())
+					.build();
+
+				response.put("verification_uri_complete", verificationUriComplete.toString());
+			}
 	
 			model.put(JsonEntityView.ENTITY, response);
 	
@ -175,8 +178,8 @@ public class DeviceEndpoint {
 	@RequestMapping(value = "/" + USER_URL, method = RequestMethod.GET)
 	public String requestUserCode(@RequestParam(value = "user_code", required = false) String userCode, ModelMap model, HttpSession session) {

-		if (userCode == null) {
-
+		if (!config.isAllowCompleteDeviceCodeUri() || userCode == null) {
+			// if we don't allow the complete URI or we didn't get a user code on the way in,
 			// print out a page that asks the user to enter their user code
 			// user must be logged in
 			return "requestUserCode";