
Addresses issue #382: throw an exception when a client tries to up-scope.

William Kim 12 years ago
parent
commit
ada54c297d
  1. 7
      openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java

7
openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java

@ -40,6 +40,7 @@ import org.springframework.scheduling.annotation.Scheduled;
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException; import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.common.exceptions.InvalidClientException; import org.springframework.security.oauth2.common.exceptions.InvalidClientException;
import org.springframework.security.oauth2.common.exceptions.InvalidScopeException;
import org.springframework.security.oauth2.common.exceptions.InvalidTokenException; import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
import org.springframework.security.oauth2.provider.AuthorizationRequest; import org.springframework.security.oauth2.provider.AuthorizationRequest;
import org.springframework.security.oauth2.provider.OAuth2Authentication; import org.springframework.security.oauth2.provider.OAuth2Authentication;
@ -198,9 +199,9 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
// set the scope of the new access token if requested // set the scope of the new access token if requested
token.setScope(scope); token.setScope(scope);
} else { } else {
// up-scoping is not allowed String errorMsg = "Up-scoping is not allowed.";
// (TODO: should this throw InvalidScopeException? For now just pass through) logger.error(errorMsg);
token.setScope(refreshScopes); throw new InvalidScopeException(errorMsg);
} }
} else { } else {
// otherwise inherit the scope of the refresh token (if it's there -- this can return a null scope set) // otherwise inherit the scope of the refresh token (if it's there -- this can return a null scope set)
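Review bot: The new rejection branch logs a client-driven condition at error level and drops the context a defender would want; a client asking for more scope than its refresh token carries is a client error, so per-attempt `logger.error` mostly adds noise while saying nothing about who asked for what. Log it at warn level and include the requested and permitted scopes, e.g. `logger.warn("Up-scoping is not allowed: requested scope " + scope + " exceeds refresh token scope " + refreshScopes);` (use the parameterized `{}` form if the logger is SLF4J), so that repeated attempts from one client are detectable after the fact. The thrown exception could also carry the permitted scopes, `throw new InvalidScopeException(errorMsg, refreshScopes);`, if the InvalidScopeException overload taking a valid-scope set is available in the Spring Security OAuth version in use; that lets the error response state the allowed scope instead of only a bare message. The enclosing method starts and ends outside this hunk.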
