forbid password grant type in HEART mode

pull/1046/head
Justin Richer 2016-03-10 12:30:48 -05:00
parent 52061ff05a
commit d75bba218d
1 changed files with 4 additions and 0 deletions


@ -272,6 +272,10 @@ public class DefaultOAuth2ClientDetailsEntityService implements ClientDetailsEnt
}
if (client.getGrantTypes().contains("password")) {
throw new IllegalArgumentException("[HEART mode] Password grant type is forbidden");
}
// make sure we don't have a client secret
if (!Strings.isNullOrEmpty(client.getClientSecret())) {
throw new IllegalArgumentException("[HEART mode] Client secrets are not allowed");
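Review bot: The `contains("password")` check rejects the grant only when a client passes through this validation, so a client stored with the password grant before the check existed would presumably keep it until it is next saved. It is worth confirming that the token endpoint also refuses the grant in HEART mode, or auditing existing registrations. The commit touches one file, so the new rejection has no test; a unit test that submits a client with `password` in its grant types and expects `IllegalArgumentException` would pin the policy. A one-line comment above the check, such as `// HEART mode forbids the password grant type`, would match the commented check that follows it. The enclosing method starts and ends outside the hunk, so its callers are not visible here.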