Generating a new registration access token on read/update call and
revoking the token issued earlier.
pull/620/head
Trilok Jain 2014-06-12 18:36:07 +05:30 committed by Justin Richer
parent 199131ba77
commit ed3e6a2814
1 changed files with 14 additions and 8 deletions


@ -202,10 +202,8 @@ public class ClientDynamicRegistrationEndpoint {
if (client != null && client.getClientId().equals(auth.getOAuth2Request().getClientId())) { if (client != null && client.getClientId().equals(auth.getOAuth2Request().getClientId())) {
//Get rid of the old token and issue a new token
// we return the token that we got in OAuth2AccessTokenEntity token = rotateRegistrationToken(auth, client);
OAuth2AuthenticationDetails details = (OAuth2AuthenticationDetails) auth.getDetails();
OAuth2AccessTokenEntity token = tokenService.readAccessToken(details.getTokenValue());
try { try {
RegisteredClient registered = new RegisteredClient(client, token.getValue(), config.getIssuer() + "register/" + UriUtils.encodePathSegment(client.getClientId(), "UTF-8")); RegisteredClient registered = new RegisteredClient(client, token.getValue(), config.getIssuer() + "register/" + UriUtils.encodePathSegment(client.getClientId(), "UTF-8"));
@ -293,10 +291,8 @@ public class ClientDynamicRegistrationEndpoint {
// save the client // save the client
ClientDetailsEntity savedClient = clientService.updateClient(oldClient, newClient); ClientDetailsEntity savedClient = clientService.updateClient(oldClient, newClient);
// we return the token that we got in //Get rid of the old token and issue a new token
// TODO: rotate this after some set amount of time OAuth2AccessTokenEntity token = rotateRegistrationToken(auth, savedClient);
OAuth2AuthenticationDetails details = (OAuth2AuthenticationDetails) auth.getDetails();
OAuth2AccessTokenEntity token = tokenService.readAccessToken(details.getTokenValue());
RegisteredClient registered = new RegisteredClient(savedClient, token.getValue(), config.getIssuer() + "register/" + UriUtils.encodePathSegment(savedClient.getClientId(), "UTF-8")); RegisteredClient registered = new RegisteredClient(savedClient, token.getValue(), config.getIssuer() + "register/" + UriUtils.encodePathSegment(savedClient.getClientId(), "UTF-8"));
@ -524,4 +520,14 @@ public class ClientDynamicRegistrationEndpoint {
return newClient; return newClient;
} }
private OAuth2AccessTokenEntity rotateRegistrationToken(OAuth2Authentication auth, ClientDetailsEntity client)
{
OAuth2AuthenticationDetails details = (OAuth2AuthenticationDetails) auth.getDetails();
OAuth2AccessTokenEntity token = tokenService.readAccessToken(details.getTokenValue());
tokenService.revokeAccessToken(token);
OAuth2AccessTokenEntity newToken = connectTokenService.createRegistrationAccessToken(client);
tokenService.saveAccessToken(newToken);
return newToken;
}
} }
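Review bot: In rotateRegistrationToken the old token is revoked before the replacement exists, so if connectTokenService.createRegistrationAccessToken or tokenService.saveAccessToken throws, the client's only registration token is gone and it can no longer read or update its own registration. Persist the new token first and revoke the old one last: `OAuth2AccessTokenEntity newToken = connectTokenService.createRegistrationAccessToken(client);` / `tokenService.saveAccessToken(newToken);` / `tokenService.revokeAccessToken(token);` (ideally inside one transaction, if the token services support that). Because rotation now happens on every read as well as every update, a response lost in transit presumably has the same effect — the client never learns the new value and the old one is already revoked — which is worth a comment on the helper, along with a replacement for the dropped `// TODO: rotate this after some set amount of time`, e.g. `// NOTE: rotation on each call is unconditional; consider rotating only after a set lifetime so a lost response does not lock the client out`. The `try {` block in the first hunk and the update method in the second both continue outside the visible hunks.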