temporary sanity check for client ID's

Justin Richer 2012-12-10 11:40:03 -05:00
parent 4bd289c18c
commit bdcc6af096
1 changed files with 7 additions and 0 deletions


@ -12,6 +12,7 @@ import org.mitre.oauth2.service.ClientDetailsEntityService;
import org.mitre.oauth2.service.OAuth2TokenEntityService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.exceptions.InvalidClientException;
import org.springframework.security.oauth2.common.exceptions.InvalidScopeException;
import org.springframework.security.oauth2.common.util.OAuth2Utils;
import org.springframework.security.oauth2.provider.AuthorizationRequest;
@ -76,6 +77,12 @@ public class ChainedTokenGranter extends AbstractTokenGranter {
requestedScopes = new HashSet<String>();
}
// Check the incoming client id against the client that was issued the original token
// TODO: right now, this only lets a client chain a request, not a resource server. We need
// a way to let one client get a token chained from another client's token, securely.
if (!client.getClientId().equals(authorizationRequest.getClientId())) {
throw new InvalidClientException("Not the right client for this token");
}
// if our scopes are a valid subset of what's allowed, we can continue
if (approvedScopes.containsAll(requestedScopes)) {
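Review bot: The new check `if (!client.getClientId().equals(authorizationRequest.getClientId()))` dereferences `client`, which is assigned outside this hunk; if that lookup can return null for an unknown or revoked client, the granter fails with a NullPointerException instead of the intended InvalidClientException, so a guard such as `if (client == null || !client.getClientId().equals(authorizationRequest.getClientId()))` would make the rejection explicit. The comparison is also placed after the requested-scope set is built, whereas moving it ahead of the scope handling would reject a mismatched client before any scope work is done. The TODO states the check is temporary and only covers client-to-client chaining; a short comment naming the condition under which it may be relaxed (e.g. `// Until resource-server chaining is supported, only the issuing client may chain this token`) would help whoever revisits it. The enclosing method starts and ends outside the hunk.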