From b81e8e7ed5c7f36ae47ac556ac83fee140b87542 Mon Sep 17 00:00:00 2001
From: Justin Richer <jricher@mit.edu>
Date: Mon, 9 Jun 2014 16:35:47 -0400
Subject: [PATCH] got rid of extraneous "require client secret" box

---
 .../src/main/webapp/resources/js/admin.js     |  9 +----
 .../src/main/webapp/resources/js/client.js    | 37 ++++++++++++-------
 .../webapp/resources/template/client.html     | 26 +++++--------
 3 files changed, 34 insertions(+), 38 deletions(-)

diff --git a/openid-connect-server-webapp/src/main/webapp/resources/js/admin.js b/openid-connect-server-webapp/src/main/webapp/resources/js/admin.js
index b0f0e47a7..14ba31ffd 100644
--- a/openid-connect-server-webapp/src/main/webapp/resources/js/admin.js
+++ b/openid-connect-server-webapp/src/main/webapp/resources/js/admin.js
@@ -522,8 +522,7 @@ var AppRouter = Backbone.Router.extend({
         view.load(function() {
         	// set up this new client to require a secret and have us autogenerate one
         	client.set({
-        		tokenEndpointAuthMethod: "client_secret_basic",
-        		requireClientSecret:true, 
+        		tokenEndpointAuthMethod: "SECRET_BASIC",
         		generateClientSecret:true,
         		displayClientSecret:false,
         		requireAuthTime:true,
@@ -573,12 +572,6 @@ var AppRouter = Backbone.Router.extend({
     	client.fetch({
     			success: function(client, response, options) {
     				$('#loading-client').addClass('label-success');
-    				
-    				if (client.get("clientSecret") == null) {
-    		        	client.set({
-    		        		requireClientSecret:false
-    		        	}, { silent: true });
-    		        }
     		        
     		        if ($.inArray("refresh_token", client.get("grantTypes")) != -1) {
     		        	client.set({
diff --git a/openid-connect-server-webapp/src/main/webapp/resources/js/client.js b/openid-connect-server-webapp/src/main/webapp/resources/js/client.js
index 2b4df9aac..27f2e06ba 100644
--- a/openid-connect-server-webapp/src/main/webapp/resources/js/client.js
+++ b/openid-connect-server-webapp/src/main/webapp/resources/js/client.js
@@ -90,7 +90,6 @@ var ClientModel = Backbone.Model.extend({
         allowRefresh:false,
         displayClientSecret: false,
         generateClientSecret: false,
-        requireClientSecret: true,
     },
 
     urlRoot:"api/clients",
@@ -490,7 +489,7 @@ var ClientFormView = Backbone.View.extend({
         	document.getElementById("refresh-token-timeout-time").value = ''; 	
         	},
         "click .btn-cancel":"cancel",
-        "change #requireClientSecret":"toggleRequireClientSecret",
+        "change #tokenEndpointAuthMethod input:radio":"toggleRequireClientSecret",
         "change #displayClientSecret":"toggleDisplayClientSecret",
         "change #generateClientSecret":"toggleGenerateClientSecret",
         "change #logoUri input":"previewLogo"
@@ -541,15 +540,28 @@ var ClientFormView = Backbone.View.extend({
      */
     toggleRequireClientSecret:function() {
     	
-    	if ($('#requireClientSecret input', this.el).is(':checked')) {
-    		// client secret is required, show all the bits
-    		$('#clientSecretPanel', this.el).show();
-    		// this function sets up the display portions
-    		this.toggleGenerateClientSecret();
-    	} else {
-    		// no client secret, hide all the bits
-    		$('#clientSecretPanel', this.el).hide();        		
-    	}
+        var tokenEndpointAuthMethod = $('#tokenEndpointAuthMethod input', this.el).filter(':checked').val();
+        
+        if (tokenEndpointAuthMethod == 'SECRET_BASIC' 
+        	|| tokenEndpointAuthMethod == 'SECRET_POST'
+        	|| tokenEndpointAuthMethod == 'SECRET_JWT') {
+        	
+        	// client secret is required, show all the bits
+        	$('#clientSecretPanel', this.el).show();
+        	// this function sets up the display portions
+        	this.toggleGenerateClientSecret();
+        } else {
+        	// no client secret, hide all the bits
+        	$('#clientSecretPanel', this.el).hide();        		        	
+        }
+        
+        // show or hide the signing algorithm method depending on what's selected
+        if (tokenEndpointAuthMethod == 'PRIVATE_KEY'
+        	|| tokenEndpointAuthMethod == 'SECRET_JWT') {
+        	$('#tokenEndpointAuthSigningAlg', this.el).show();
+        } else {
+        	$('#tokenEndpointAuthSigningAlg', this.el).hide();
+        }
     },
     
     /**
@@ -671,11 +683,10 @@ var ClientFormView = Backbone.View.extend({
         	}
         });
 
-        var requireClientSecret = $('#requireClientSecret input').is(':checked');
         var generateClientSecret = $('#generateClientSecret input').is(':checked');
         var clientSecret = null;
         
-        if (requireClientSecret && !generateClientSecret) {
+        if (!generateClientSecret) {
         	// if it's required but we're not generating it, send the value to preserve it
         	clientSecret = $('#clientSecret input').val();
         }
diff --git a/openid-connect-server-webapp/src/main/webapp/resources/template/client.html b/openid-connect-server-webapp/src/main/webapp/resources/template/client.html
index f52215121..0c8e1003d 100644
--- a/openid-connect-server-webapp/src/main/webapp/resources/template/client.html
+++ b/openid-connect-server-webapp/src/main/webapp/resources/template/client.html
@@ -375,16 +375,8 @@
 				</div>
 			</div>
 
-			<div class="control-group" id="requireClientSecret">
-				<label class="control-label">Client Secret</label>
-				<div class="controls">
-					<label class="checkbox">
-						<input type="checkbox" <%=(requireClientSecret == true ? 'checked' : '')%>> Require client secret?
-					</label>
-				</div>
-			</div>
-
 			<div id="clientSecretPanel">
+				<label class="control-label">Client Secret</label>
 
 				<div class="control-group" id="generateClientSecret">
 					<div class="controls">
@@ -419,14 +411,6 @@
 
 			</div>
 
-			<div class="control-group" id="jwksUri">
-				<label class="control-label">JWK Set</label>
-				<div class="controls">
-					<input placeholder="https://" value="<%=jwksUri%>" maxlength="1000" type="text" class=""/>
-					<p class="help-block">URL for the client's JSON Web Key set</p>
-				</div>
-			</div>
-
             <div class="control-group" id="tokenEndpointAuthSigningAlg">
                 <label class="control-label">Token Endpoint Authentication Signing Algorithm</label>
                 <div class="controls">
@@ -445,6 +429,14 @@
                 </div>
             </div>
 			
+			<div class="control-group" id="jwksUri">
+				<label class="control-label">JWK Set</label>
+				<div class="controls">
+					<input placeholder="https://" value="<%=jwksUri%>" maxlength="1000" type="text" class=""/>
+					<p class="help-block">URL for the client's JSON Web Key set</p>
+				</div>
+			</div>
+
 	</div>
 
 	<div class="tab-pane" id="client-token-tab">