fixed inadvertent consistency bug in granting offline_access to clients

pull/324/merge
Justin Richer 2013-04-19 16:12:09 -04:00
parent 7307b4b19d
commit d7689152b8
1 changed files with 5 additions and 1 deletions


@ -91,8 +91,12 @@ public class ClientDynamicRegistrationEndpoint {
// set default grant types if needed // set default grant types if needed
if (newClient.getGrantTypes() == null || newClient.getGrantTypes().isEmpty()) { if (newClient.getGrantTypes() == null || newClient.getGrantTypes().isEmpty()) {
if (newClient.getScope().contains("offline_access")) { // client asked for offline access
newClient.setGrantTypes(Sets.newHashSet("authorization_code", "refresh_token")); // allow authorization code and refresh token grant types by default
} else {
newClient.setGrantTypes(Sets.newHashSet("authorization_code")); // allow authorization code grant type by default newClient.setGrantTypes(Sets.newHashSet("authorization_code")); // allow authorization code grant type by default
} }
}
// set default response types if needed // set default response types if needed
// TODO: these aren't checked by SECOAUTH // TODO: these aren't checked by SECOAUTH
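Review bot: `newClient.getScope().contains("offline_access")` dereferences the requested scope without the null guard that `getGrantTypes()` gets one line above, so a registration request that omits the scope may throw here unless the scope is defaulted earlier in the method, which starts outside this hunk. Writing the condition as `if (newClient.getScope() != null && newClient.getScope().contains("offline_access")) {` keeps the fallback to `authorization_code` alone. The new branch also runs only when no grant types were supplied, so a client that sends its own grant types can still end up with `refresh_token` but no `offline_access` scope, or the reverse; if the two are meant to stay consistent, that path needs a check as well. Because this endpoint handles dynamic registration and refresh tokens are long-lived credentials, it is worth confirming that the requested scopes have been filtered against the allowed set before `refresh_token` is granted from them; that filtering is not visible in this hunk.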