github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

client API now generates client secret only for clients that require a client secret

pull/618/head
Justin Richer 2014-06-09 16:00:55 -04:00
parent 71fa796b42
commit cac645484f
1 changed files with 35 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java
View File

@ -23,6 +23,7 @@ import org.mitre.jose.JWEAlgorithmEmbed;
import org.mitre.jose.JWEEncryptionMethodEmbed;
import org.mitre.jose.JWSAlgorithmEmbed;
import org.mitre.oauth2.model.ClientDetailsEntity;
import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod;
import org.mitre.oauth2.service.ClientDetailsEntityService;
import org.mitre.openid.connect.model.UserInfo;
import org.mitre.openid.connect.service.UserInfoService;
@ -158,14 +159,26 @@ public class ClientAPI {
// if they leave the client identifier empty, force it to be generated
if (Strings.isNullOrEmpty(client.getClientId())) {
client = clientService.generateClientId(client);
}
if (client.getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_BASIC)
|| client.getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_POST)
|| client.getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_JWT)) {
// if they've asked for us to generate a client secret (or they left it blank but require one), do so here
if (json.has("generateClientSecret") && json.get("generateClientSecret").getAsBoolean()
|| Strings.isNullOrEmpty(client.getClientSecret())) {
client = clientService.generateClientSecret(client);
}
} else {
// otherwise (PRIVATE_KEY or NONE), we shouldn't have a secret for this client
client.setClientSecret(null);
}
// if they've asked for us to generate a client secret, do so here
if (json.has("generateClientSecret") && json.get("generateClientSecret").getAsBoolean()) {
client = clientService.generateClientSecret(client);
}
// set owners as current logged in user
// set owners as current logged in user if owners aren't set otherwise
// try to look up a user based on the principal's name
if (client.getContacts() == null || client.getContacts().isEmpty()) {
UserInfo user = userInfoService.getByUsername(auth.getName());
@ -232,12 +245,24 @@ public class ClientAPI {
client = clientService.generateClientId(client);
}
// if they've asked for us to generate a client secret, do so here
if (json.has("generateClientSecret") && json.get("generateClientSecret").getAsBoolean()) {
client = clientService.generateClientSecret(client);
if (client.getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_BASIC)
|| client.getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_POST)
|| client.getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_JWT)) {
// if they've asked for us to generate a client secret (or they left it blank but require one), do so here
if (json.has("generateClientSecret") && json.get("generateClientSecret").getAsBoolean()
|| Strings.isNullOrEmpty(client.getClientSecret())) {
client = clientService.generateClientSecret(client);
}
} else {
// otherwise (PRIVATE_KEY or NONE), we shouldn't have a secret for this client
client.setClientSecret(null);
}
// set owners as current logged in user
// set owners as current logged in user if owners aren't set otherwise
// try to look up a user based on the principal's name
if (client.getContacts() == null || client.getContacts().isEmpty()) {
UserInfo user = userInfoService.getByUsername(auth.getName());