diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java
index ebcfb2cc1..69bfdf740 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java
@@ -42,6 +42,8 @@ import javax.persistence.Id;
 import javax.persistence.JoinColumn;
 import javax.persistence.NamedQueries;
 import javax.persistence.NamedQuery;
+import javax.persistence.PrePersist;
+import javax.persistence.PreUpdate;
 import javax.persistence.Table;
 import javax.persistence.Temporal;
 import javax.persistence.TemporalType;
@@ -65,6 +67,11 @@ import org.springframework.security.oauth2.provider.ClientDetails;
 })
 public class ClientDetailsEntity implements ClientDetails {
+ /**
+ *
+ */
+ private static final int DEFAULT_ID_TOKEN_VALIDITY_SECONDS = 600;
+
 private static final long serialVersionUID = -1617727085733786296L;
 private Long id;
@@ -213,6 +220,15 @@ public class ClientDetailsEntity implements ClientDetails {
 }
+ @PrePersist
+ @PreUpdate
+ private void prePersist() {
+ // make sure that ID tokens always time out, default to 5 minutes
+ if (getIdTokenValiditySeconds() == null) {
+ setIdTokenValiditySeconds(DEFAULT_ID_TOKEN_VALIDITY_SECONDS);
+ }
+ }
+
 /**
 * @return the id
 */
@@ -270,6 +286,8 @@ public class ClientDetailsEntity implements ClientDetails {
 }
 /**
+ * Number of seconds ID token is valid for. MUST be a positive integer, can not be null.
+ *
 * @return the idTokenValiditySeconds
 */
 @Basic
diff --git a/openid-connect-server/src/main/resources/db/tables/hsql_database_tables.sql b/openid-connect-server/src/main/resources/db/tables/hsql_database_tables.sql
index 5972579cd..2d58c9b48 100644
--- a/openid-connect-server/src/main/resources/db/tables/hsql_database_tables.sql
+++ b/openid-connect-server/src/main/resources/db/tables/hsql_database_tables.sql
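Review bot: The Javadoc added above `DEFAULT_ID_TOKEN_VALIDITY_SECONDS` in the @@ -65 hunk is empty, so the constant's role — the fallback written by the new `@PrePersist`/`@PreUpdate` callback, and the same value the schema scripts hard-code as `DEFAULT 600` — is not recorded anywhere in the Java source. Suggest replacing the empty block with `/** Fallback ID token lifetime in seconds, applied on persist/update when no value is set; keep in sync with the id_token_validity_seconds column DEFAULT in the db/tables scripts. */`.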
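Review bot: The comment in `prePersist()` (@@ -213 hunk) says the default is 5 minutes, but `DEFAULT_ID_TOKEN_VALIDITY_SECONDS` is 600, which is 10 minutes; one of the two is wrong, and if the constant is the intended value the comment should read `// make sure that ID tokens always time out, default to 10 minutes`. The callback also only substitutes a null value, so a zero or negative lifetime — which the Javadoc added in the @@ -270 hunk rules out as "MUST be a positive integer" — is persisted unchanged; if that contract is meant to be enforced here, `if (getIdTokenValiditySeconds() == null || getIdTokenValiditySeconds() <= 0) {` would cover it, otherwise the setter is the place to reject it. Lifecycle callbacks run only when the entity goes through JPA, so rows written by any other path are not covered by this default.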
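Review bot: The Javadoc added in the @@ -270 hunk states the value "can not be null", but the `getIdTokenValiditySeconds() == null` check in the new callback shows the getter returns a nullable reference type, and the default is filled in only at persist/update time, so an entity built in memory (or loaded from a pre-existing row with a NULL column) still returns null. Suggest wording that matches the actual contract: `Number of seconds ID token is valid for. MUST be a positive integer; null is replaced with DEFAULT_ID_TOKEN_VALIDITY_SECONDS when the entity is persisted or updated.` The getter's signature lies outside the hunk.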
@@ -78,7 +78,7 @@ CREATE TABLE IF NOT EXISTS client_details (
 reuse_refresh_tokens BOOLEAN NOT NULL DEFAULT true,
 dynamically_registered BOOLEAN NOT NULL DEFAULT false,
 allow_introspection BOOLEAN NOT NULL DEFAULT false,
- id_token_validity_seconds BIGINT,
+ id_token_validity_seconds BIGINT NOT NULL DEFAULT 600,
 client_id VARCHAR(256),
 client_secret VARCHAR(2048),
diff --git a/openid-connect-server/src/main/resources/db/tables/mysql_database_tables.sql b/openid-connect-server/src/main/resources/db/tables/mysql_database_tables.sql
index 12653cf21..328f40647 100644
--- a/openid-connect-server/src/main/resources/db/tables/mysql_database_tables.sql
+++ b/openid-connect-server/src/main/resources/db/tables/mysql_database_tables.sql
@@ -78,7 +78,7 @@ CREATE TABLE IF NOT EXISTS client_details (
 reuse_refresh_tokens BOOLEAN NOT NULL DEFAULT 1,
 dynamically_registered BOOLEAN NOT NULL DEFAULT 0,
 allow_introspection BOOLEAN NOT NULL DEFAULT 0,
- id_token_validity_seconds BIGINT,
+ id_token_validity_seconds BIGINT NOT NULL DEFAULT 600,
 client_id VARCHAR(256),
 client_secret VARCHAR(2048),
diff --git a/openid-connect-server/src/main/webapp/resources/js/client.js b/openid-connect-server/src/main/webapp/resources/js/client.js
index 45f846b56..7462649c7 100644
--- a/openid-connect-server/src/main/webapp/resources/js/client.js
+++ b/openid-connect-server/src/main/webapp/resources/js/client.js
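Review bot: Because the statement is `CREATE TABLE IF NOT EXISTS`, the new `NOT NULL DEFAULT 600` on `id_token_validity_seconds` only takes effect on freshly created databases; an existing deployment keeps the nullable column and whatever NULL rows it has, and the commit adds no `ALTER TABLE`/upgrade step for them. Those rows keep a null lifetime until each one happens to be rewritten through JPA, where the entity's `@PreUpdate` callback fills the default. Consider an upgrade script that sets the NULLs to 600 and then adds the constraint, plus a comment beside the column such as `-- keep in sync with ClientDetailsEntity.DEFAULT_ID_TOKEN_VALIDITY_SECONDS` so the two hard-coded 600s do not drift apart. The mysql_database_tables.sql hunk has the same gap.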
@@ -293,11 +293,6 @@ var ClientFormView = Backbone.View.extend({
 $("#access-token-timeout-unit", this.$el).prop('disabled',!$("#access-token-timeout-unit", this.$el).prop('disabled'));
 document.getElementById("access-token-timeout-time").value = '';
 },
- "click #disableIDTokenTimeout" : function() {
- $("#id-token-timeout-time", this.$el).prop('disabled',!$("#id-token-timeout-time", this.$el).prop('disabled'));
- $("#id-token-timeout-unit", this.$el).prop('disabled',!$("#id-token-timeout-unit", this.$el).prop('disabled'));
- document.getElementById("id-token-timeout-time").value = '';
- },
 "click #disableRefreshTokenTimeout" : function() {
 $("#refresh-token-timeout-time", this.$el).prop('disabled',!$("#refresh-token-timeout-time", this.$el).prop('disabled'));
 $("#refresh-token-timeout-unit", this.$el).prop('disabled',!$("#refresh-token-timeout-unit", this.$el).prop('disabled'));
@@ -449,10 +444,7 @@ var ClientFormView = Backbone.View.extend({
 accessTokenValiditySeconds = this.getFormTokenNumberValue($('#accessTokenValidityTime input[type=text]').val(), $('#accessTokenValidityTime select').val());
 }
- var idTokenValiditySeconds = null;
- if (!$('disableIDTokenTimeout').is(':checked')) {
- idTokenValiditySeconds = this.getFormTokenNumberValue($('#idTokenValidityTime input[type=text]').val(), $('#idTokenValidityTime select').val());
- }
+ var idTokenValiditySeconds = this.getFormTokenNumberValue($('#idTokenValidityTime input[type=text]').val(), $('#idTokenValidityTime select').val());
 var refreshTokenValiditySeconds = null;
 if ($('#allowRefresh').is(':checked')) {
@@ -518,10 +510,6 @@ var ClientFormView = Backbone.View.extend({
 attrs["refreshTokenValiditySeconds"] = null;
 }
- if ($('#disableIDTokenTimeout').is(':checked')) {
- attrs["idTokenValiditySeconds"] = null;
- }
-
 if ($('#disableAccessTokenTimeout').is(':checked')) {
 attrs["accessTokenValiditySeconds"] = null;
 }
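Review bot: With the disable checkbox gone, the new `var idTokenValiditySeconds = this.getFormTokenNumberValue(...)` line in the @@ -449 hunk passes whatever that helper returns for an empty `#idTokenValidityTime` field straight into the model; presumably that is null, which the server then silently replaces with its 600-second default without any feedback to the person editing the client. Since the entity's Javadoc in this commit states the value MUST be a positive integer, the form should check that before submit (a blank or non-positive number gets a validation message rather than a silent fallback), or at least the behaviour should be recorded next to this line: `// empty field -> null; the server substitutes DEFAULT_ID_TOKEN_VALIDITY_SECONDS on save`. The enclosing method starts and ends outside the hunk, and the helper's handling of blank input is not visible here.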
@@ -637,11 +625,6 @@ var ClientFormView = Backbone.View.extend({
 $("#refresh-token-timeout-unit", this.$el).prop('disabled',true);
 }
- if (this.model.get("idTokenValiditySeconds") == null) {
- $("#id-token-timeout-time", this.$el).prop('disabled',true);
- $("#id-token-timeout-unit", this.$el).prop('disabled',true);
- }
-
 // toggle other dynamic fields
 this.toggleRequireClientSecret();
 this.previewLogo();
diff --git a/openid-connect-server/src/main/webapp/resources/template/client.html b/openid-connect-server/src/main/webapp/resources/template/client.html
index e1cfc3ad7..360dc05c5 100644
--- a/openid-connect-server/src/main/webapp/resources/template/client.html
+++ b/openid-connect-server/src/main/webapp/resources/template/client.html
@@ -376,11 +376,6 @@
-
- -