more reasonable check for whether or not a user auth is present, addresses #602

pull/604/head
Justin Richer 11 years ago
parent 4e890a4d7d
commit df9c9747ce

@ -104,9 +104,12 @@ public class ConnectTokenEnhancer implements TokenEnhancer {
* may or may not include the scope parameter. As long as the AuthorizationRequest * may or may not include the scope parameter. As long as the AuthorizationRequest
* has the proper scope, we can consider this a valid OpenID Connect request. Otherwise, * has the proper scope, we can consider this a valid OpenID Connect request. Otherwise,
* we consider it to be a vanilla OAuth2 request. * we consider it to be a vanilla OAuth2 request.
*
* Also, there must be a user authentication involved in the request for it to be considered
* OIDC and not OAuth, so we check for that as well.
*/ */
if (originalAuthRequest.getScope().contains("openid") if (originalAuthRequest.getScope().contains("openid")
&& originalAuthRequest.getAuthorities().contains(new SimpleGrantedAuthority("ROLE_USER"))) { && !authentication.isClientOnly()) {
String username = authentication.getName(); String username = authentication.getName();
UserInfo userInfo = userInfoService.getByUsernameAndClientId(username, clientId); UserInfo userInfo = userInfoService.getByUsernameAndClientId(username, clientId);
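Review bot: the new guard `!authentication.isClientOnly()` checks directly for a user authentication on the `OAuth2Authentication`, which is what the updated comment block says the branch requires; the old `getAuthorities().contains(new SimpleGrantedAuthority("ROLE_USER"))` test inspected a role on the authorization request instead, so a client-credentials request whose client carried `ROLE_USER` would have entered the OIDC path while a genuine user request without that role would not. One thing to confirm in the lines that follow this hunk: `authentication.getName()` is now a user name in this branch, but `userInfoService.getByUsernameAndClientId(username, clientId)` can still return null for a user with no stored UserInfo, and the context shown includes no null check before `userInfo` is used; a guard such as `if (userInfo != null) { ... }` around the id_token construction would keep a missing record from turning into a NullPointerException during token enhancement.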
