From df9c9747ce1f085d3e7f4e20e837a1f02ffe319d Mon Sep 17 00:00:00 2001
From: Justin Richer
Date: Fri, 23 May 2014 11:49:51 -0400
Subject: [PATCH] more reasonable check for whether or not a user auth is present, addresses #602
---
 .../mitre/openid/connect/token/ConnectTokenEnhancer.java | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectTokenEnhancer.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectTokenEnhancer.java
index 13d5bb894..aaca852f4 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectTokenEnhancer.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectTokenEnhancer.java
@@ -104,9 +104,12 @@ public class ConnectTokenEnhancer implements TokenEnhancer {
  * may or may not include the scope parameter. As long as the AuthorizationRequest
  * has the proper scope, we can consider this a valid OpenID Connect request. Otherwise,
  * we consider it to be a vanilla OAuth2 request.
+ *
+ * Also, there must be a user authentication involved in the request for it to be considered
+ * OIDC and not OAuth, so we check for that as well.
  */
- if (originalAuthRequest.getScope().contains("openid")
- && originalAuthRequest.getAuthorities().contains(new SimpleGrantedAuthority("ROLE_USER"))) {
+ if (originalAuthRequest.getScope().contains("openid")
+ && !authentication.isClientOnly()) {
  String username = authentication.getName();
  UserInfo userInfo = userInfoService.getByUsernameAndClientId(username, clientId);