diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java index a6e384c71..1de5a33e9 100644 --- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java +++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java @@ -84,7 +84,7 @@ public class ClientDetailsEntity implements ClientDetails { /** Fields from Client Registration Specification **/ private AppType applicationType; private String clientName; - private AuthType tokenEndpointAuthType = AuthType.SECRET_BASIC; + private AuthMethod tokenEndpointAuthMethod = AuthMethod.SECRET_BASIC; private SubjectType subjectType; private Set contacts; @@ -116,7 +116,7 @@ public class ClientDetailsEntity implements ClientDetails { private String defaultACR; - public enum AuthType { + public enum AuthMethod { SECRET_POST("client_secret_post"), SECRET_BASIC("client_secret_basic"), SECRET_JWT("client_secret_jwt"), @@ -126,14 +126,14 @@ public class ClientDetailsEntity implements ClientDetails { private final String value; // map to aid reverse lookup - private static final Map lookup = new HashMap(); + private static final Map lookup = new HashMap(); static { - for (AuthType a : AuthType.values()) { + for (AuthMethod a : AuthMethod.values()) { lookup.put(a.getValue(), a); } } - AuthType(String value) { + AuthMethod(String value) { this.value = value; } @@ -141,7 +141,7 @@ public class ClientDetailsEntity implements ClientDetails { return value; } - public static AuthType getByValue(String value) { + public static AuthMethod getByValue(String value) { return lookup.get(value); } } 
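Review bot: The renamed `AuthMethod` enum and its `getByValue` lookup carry no Javadoc, and the contract that matters is not obvious from the code: `getByValue` returns `lookup.get(value)`, so an unrecognized (or null) string yields `null` rather than an error, and every caller has to handle that. The distinction between the constant names (`SECRET_BASIC`) and the `value` strings (`client_secret_basic`) also deserves stating, since the getter in this file is `@Enumerated(EnumType.STRING)` and therefore persists the constant name while registration and discovery use the `value` form. I would add on the enum `/** Token endpoint client-authentication methods; {@code value} is the wire form used by registration and discovery, the constant name is what is persisted. */` and on the lookup `/** @return the method whose wire value is {@code value}, or {@code null} when no constant matches */`.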
@@ -537,13 +537,13 @@ public class ClientDetailsEntity implements ClientDetails { } @Enumerated(EnumType.STRING) - @Column(name="token_endpoint_auth_type") - public AuthType getTokenEndpointAuthType() { - return tokenEndpointAuthType; + @Column(name="token_endpoint_auth_method") + public AuthMethod getTokenEndpointAuthMethod() { + return tokenEndpointAuthMethod; } - public void setTokenEndpointAuthType(AuthType tokenEndpointAuthType) { - this.tokenEndpointAuthType = tokenEndpointAuthType; + public void setTokenEndpointAuthMethod(AuthMethod tokenEndpointAuthMethod) { + this.tokenEndpointAuthMethod = tokenEndpointAuthMethod; } @Enumerated(EnumType.STRING) @@ -841,8 +841,8 @@ public class ClientDetailsEntity implements ClientDetails { + applicationType + ", " : "") + (clientName != null ? "clientName=" + clientName + ", " : "") - + (tokenEndpointAuthType != null ? "tokenEndpointAuthType=" - + tokenEndpointAuthType + ", " : "") + + (tokenEndpointAuthMethod != null ? "tokenEndpointAuthMethod=" + + tokenEndpointAuthMethod + ", " : "") + (subjectType != null ? "subjectType=" + subjectType + ", " : "") + (contacts != null ? "contacts=" + contacts + ", " : "") + (logoUrl != null ? "logoUrl=" + logoUrl + ", " : "") @@ -980,7 +980,7 @@ public class ClientDetailsEntity implements ClientDetails { .hashCode()); result = prime * result - + ((tokenEndpointAuthType == null) ? 0 : tokenEndpointAuthType + + ((tokenEndpointAuthMethod == null) ? 0 : tokenEndpointAuthMethod .hashCode()); result = prime * result + ((subjectType == null) ? 0 : subjectType.hashCode()); @@ -1209,7 +1209,7 @@ public class ClientDetailsEntity implements ClientDetails { } else if (!sectorIdentifierUrl.equals(other.sectorIdentifierUrl)) { return false; } - if (tokenEndpointAuthType != other.tokenEndpointAuthType) { + if (tokenEndpointAuthMethod != other.tokenEndpointAuthMethod) { return false; } if (subjectType != other.subjectType) { 
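Review bot: Renaming the mapped column to `@Column(name="token_endpoint_auth_method")` changes the schema for every existing deployment, but the diff only edits the CREATE TABLE scripts (the hsql_database_tables.sql and mysql_database_tables.sql hunks later in this diff); the hsql script is `CREATE TABLE IF NOT EXISTS`, so an already-initialised database keeps the old `token_endpoint_auth_type` column and the entity would then map to a column that does not exist. Because the constant names stored under `EnumType.STRING` are unchanged by the rename, the row values stay readable and only a column rename is needed, e.g. for MySQL `ALTER TABLE client_details CHANGE token_endpoint_auth_type token_endpoint_auth_method VARCHAR(256);` with the equivalent rename for HSQLDB. Whether the project ships migrations elsewhere is not visible here; if it does not, the rename should at least be called out in the commit message.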
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientDynamicRegistrationEndpoint.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientDynamicRegistrationEndpoint.java index c3a77cbcb..8f2edb033 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientDynamicRegistrationEndpoint.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientDynamicRegistrationEndpoint.java @@ -9,7 +9,7 @@ import org.mitre.jwt.signer.JwsAlgorithm; import org.mitre.oauth2.exception.ClientNotFoundException; import org.mitre.oauth2.model.ClientDetailsEntity; import org.mitre.oauth2.model.ClientDetailsEntity.AppType; -import org.mitre.oauth2.model.ClientDetailsEntity.AuthType; +import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod; import org.mitre.oauth2.model.ClientDetailsEntity.SubjectType; import org.mitre.oauth2.model.OAuth2AccessTokenEntity; import org.mitre.oauth2.service.ClientDetailsEntityService; @@ -75,19 +75,19 @@ public class ClientDynamicRegistrationEndpoint { /* * Authentication type */ - binder.registerCustomEditor(AuthType.class, new PropertyEditorSupport() { + binder.registerCustomEditor(AuthMethod.class, new PropertyEditorSupport() { @Override public void setAsText(String text) throws IllegalArgumentException { if (Strings.isNullOrEmpty(text)) { setValue(null); } else { - setValue(AuthType.getByValue(text)); + setValue(AuthMethod.getByValue(text)); } } @Override public String getAsText() { - AuthType at = (AuthType) getValue(); + AuthMethod at = (AuthMethod) getValue(); return at == null ? null : at.getValue(); } }); 
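Review bot: In the renamed property editor, `setValue(AuthMethod.getByValue(text))` silently turns an unrecognized `token_endpoint_auth_method` value into `null`, so a registration request with a misspelt or unsupported method is accepted and later stored with no method at all instead of being rejected; the method already declares `throws IllegalArgumentException`, which is the signal Spring's binder expects for a bad value. I would replace the else branch with `AuthMethod m = AuthMethod.getByValue(text);` / `if (m == null) { throw new IllegalArgumentException("Unknown token_endpoint_auth_method: " + text); }` / `setValue(m);` so the error surfaces as a binding failure. The empty-string case that maps to `null` can stay, since the parameter is optional.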
@@ -190,7 +190,7 @@ public class ClientDynamicRegistrationEndpoint { @RequestParam(value = "logo_url", required = false) String logoUrl, @RequestParam(value = "contacts", required = false) Set contacts, @RequestParam(value = "tos_url", required = false) String tosUrl, - @RequestParam(value = "token_endpoint_auth_type", required = false) AuthType tokenEndpointAuthType, + @RequestParam(value = "token_endpoint_auth_method", required = false) AuthMethod tokenEndpointAuthMethod, @RequestParam(value = "policy_url", required = false) String policyUrl, @RequestParam(value = "scope", required = false) Set scope, @@ -230,7 +230,7 @@ public class ClientDynamicRegistrationEndpoint { ClientDetailsEntity client = new ClientDetailsEntity(); // if it's not using a private key or no auth, then generate a secret - if (tokenEndpointAuthType != AuthType.PRIVATE_KEY && tokenEndpointAuthType != AuthType.NONE) { + if (tokenEndpointAuthMethod != AuthMethod.PRIVATE_KEY && tokenEndpointAuthMethod != AuthMethod.NONE) { client = clientService.generateClientSecret(client); } @@ -241,7 +241,7 @@ public class ClientDynamicRegistrationEndpoint { client.setTosUrl(tosUrl); client.setLogoUrl(logoUrl); client.setRegisteredRedirectUri(redirectUris); - client.setTokenEndpointAuthType(tokenEndpointAuthType); + client.setTokenEndpointAuthMethod(tokenEndpointAuthMethod); client.setPolicyUrl(policyUrl); client.setJwkUrl(jwkUrl); client.setJwkEncryptionUrl(jwkEncryptionUrl); 
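Review bot: When the optional `token_endpoint_auth_method` parameter is omitted, `tokenEndpointAuthMethod` is `null`; the check at `if (tokenEndpointAuthMethod != AuthMethod.PRIVATE_KEY && tokenEndpointAuthMethod != AuthMethod.NONE)` then correctly generates a secret, but the later `client.setTokenEndpointAuthMethod(tokenEndpointAuthMethod);` stores `null`, discarding the `AuthMethod.SECRET_BASIC` default declared on the entity field and the spec default the discovery comment in this same diff describes ("If unspecified or omitted, the default is client_secret_basic"). I would normalise before the check with `if (tokenEndpointAuthMethod == null) { tokenEndpointAuthMethod = AuthMethod.SECRET_BASIC; }` so the persisted client always has an explicit method. The enclosing registration method starts and ends outside these hunks, so a default applied elsewhere would not be visible here.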
@@ -353,7 +353,7 @@ public class ClientDynamicRegistrationEndpoint { @RequestParam(value = "logo_url", required = false) String logoUrl, @RequestParam(value = "contacts", required = false) Set contacts, @RequestParam(value = "tos_url", required = false) String tosUrl, - @RequestParam(value = "token_endpoint_auth_type", required = false) AuthType tokenEndpointAuthType, + @RequestParam(value = "token_endpoint_auth_method", required = false) AuthMethod tokenEndpointAuthMethod, @RequestParam(value = "policy_url", required = false) String policyUrl, @RequestParam(value = "scope", required = false) Set scope, @@ -425,8 +425,8 @@ public class ClientDynamicRegistrationEndpoint { if (params.containsKey("redirect_uris")) { client.setRegisteredRedirectUri(redirectUris); } - if (params.containsKey("token_endpoint_auth_type")) { - client.setTokenEndpointAuthType(tokenEndpointAuthType); + if (params.containsKey("token_endpoint_auth_method")) { + client.setTokenEndpointAuthMethod(tokenEndpointAuthMethod); } if (params.containsKey("policy_url")) { client.setPolicyUrl(Strings.emptyToNull(policyUrl)); diff --git a/openid-connect-server/src/main/java/org/mitre/swd/web/SimpleWebDiscoveryEndpoint.java b/openid-connect-server/src/main/java/org/mitre/swd/web/SimpleWebDiscoveryEndpoint.java index 0ff7b459f..f27ef04e9 100644 --- a/openid-connect-server/src/main/java/org/mitre/swd/web/SimpleWebDiscoveryEndpoint.java +++ b/openid-connect-server/src/main/java/org/mitre/swd/web/SimpleWebDiscoveryEndpoint.java 
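Review bot: The update path sets the new method with `client.setTokenEndpointAuthMethod(tokenEndpointAuthMethod);` but, unlike the registration path earlier in this file, nothing visible in the hunk reconciles the client secret with the chosen method: a client moving to `private_key_jwt` or `none` would keep a usable secret on record, and one moving from those to a secret-based method would have none. The enclosing update method starts before and continues past this hunk, so this may be handled elsewhere; if it is not, I would mirror the registration-time check inside the `containsKey` branch as below. An unrecognized value also binds to `null` here (see the property editor note), which would clear a previously valid method on update.
```java
if (params.containsKey("token_endpoint_auth_method")) {
    client.setTokenEndpointAuthMethod(tokenEndpointAuthMethod);
    if (tokenEndpointAuthMethod == AuthMethod.PRIVATE_KEY || tokenEndpointAuthMethod == AuthMethod.NONE) {
        client.setClientSecret(null); // secret must not remain usable once the client no longer authenticates with it
    } else if (client.getClientSecret() == null) {
        client = clientService.generateClientSecret(client);
    }
}
// … unchanged: remaining params.containsKey(...) branches …
```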
@@ -92,7 +92,7 @@ public class SimpleWebDiscoveryEndpoint { userinfo_algs_supported array A JSON array containing a list of the JWS [JWS] and JWE [JWE] signing and encryption algorithms [JWA] supported by the UserInfo Endpoint to encode the JWT [JWT]. id_token_algs_supported array A JSON array containing a list of the JWS and JWE signing and encryption algorithms [JWA] supported by the Authorization Server for the ID Token to encode the JWT [JWT]. request_object_algs_supported array A JSON array containing a list of the JWS and JWE signing and encryption algorithms [JWA] supported by the Authorization Server for the OpenID Request Object described in Section 2.1.2.1 of OpenID Connect Messages [OpenID.Messages] to encode the JWT [JWT]. Servers SHOULD support RS256. - token_endpoint_auth_types_supported array A JSON array containing a list of authentication types supported by this Token Endpoint. The options are client_secret_post, client_secret_basic, client_secret_jwt, and private_key_jwt, as described in Section 2.2.1 of OpenID Connect Messages 1.0 [OpenID.Messages]. Other Authentication types may be defined by extension. If unspecified or omitted, the default is client_secret_basic HTTP Basic Authentication Scheme as specified in Section 2.3.1 of OAuth 2.0 [OAuth2.0]. + token_endpoint_auth_methods_supported array A JSON array containing a list of authentication types supported by this Token Endpoint. The options are client_secret_post, client_secret_basic, client_secret_jwt, and private_key_jwt, as described in Section 2.2.1 of OpenID Connect Messages 1.0 [OpenID.Messages]. Other Authentication types may be defined by extension. If unspecified or omitted, the default is client_secret_basic HTTP Basic Authentication Scheme as specified in Section 2.3.1 of OAuth 2.0 [OAuth2.0]. 
token_endpoint_auth_algs_supported array A JSON array containing a list of the JWS signing algorithms [JWA] supported by the Token Endpoint for the private_key_jwt method to encode the JWT [JWT]. Servers SHOULD support RS256. * */ @@ -115,7 +115,7 @@ public class SimpleWebDiscoveryEndpoint { m.put("registration_endpoint", baseUrl + "register"); m.put("scopes_supported", Lists.newArrayList("openid", "email", "profile", "address", "phone")); m.put("response_types_supported", Lists.newArrayList("code")); - m.put("token_endpoint_auth_types_supported", Lists.newArrayList("client_secret_post", "client_secret_basic")); + m.put("token_endpoint_auth_methods_supported", Lists.newArrayList("client_secret_post", "client_secret_basic", "private_key_jwt", "none")); modelAndView.getModel().put("entity", m); // TODO: everything in the list up there diff --git a/openid-connect-server/src/main/resources/db/tables/hsql_database_tables.sql b/openid-connect-server/src/main/resources/db/tables/hsql_database_tables.sql index b967895d1..6a472eec4 100644 --- a/openid-connect-server/src/main/resources/db/tables/hsql_database_tables.sql +++ b/openid-connect-server/src/main/resources/db/tables/hsql_database_tables.sql @@ -82,7 +82,7 @@ CREATE TABLE IF NOT EXISTS client_details ( application_type VARCHAR(256), client_name VARCHAR(256), - token_endpoint_auth_type VARCHAR(256), + token_endpoint_auth_method VARCHAR(256), subject_type VARCHAR(256), logo_url VARCHAR(2048), diff --git a/openid-connect-server/src/main/resources/db/tables/mysql_database_tables.sql b/openid-connect-server/src/main/resources/db/tables/mysql_database_tables.sql index 6b33db1a0..7dafd2a44 100644 --- a/openid-connect-server/src/main/resources/db/tables/mysql_database_tables.sql +++ b/openid-connect-server/src/main/resources/db/tables/mysql_database_tables.sql 
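Review bot: The hand-maintained list in `m.put("token_endpoint_auth_methods_supported", Lists.newArrayList("client_secret_post", "client_secret_basic", "private_key_jwt", "none"));` now advertises two methods whose enforcement is not part of this diff, and it diverges from the `AuthMethod` enum, which also defines `client_secret_jwt`; what discovery advertises has to match what the token endpoint actually authenticates, otherwise clients register with a method the server silently cannot verify. I cannot tell from this diff whether the token endpoint filters validate `private_key_jwt` assertions or restrict unauthenticated requests to clients registered with `NONE`, so I would at least pin the intent with a comment on this line, e.g. `// must match the client-authentication filters on the token endpoint; client_secret_jwt is defined in AuthMethod but not advertised because it is not wired there`. If all enum values are in fact supported, deriving the list from `AuthMethod.values()` would keep the two from drifting again.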
@@ -77,7 +77,7 @@ CREATE TABLE client_details ( application_type VARCHAR(256), client_name VARCHAR(256), - token_endpoint_auth_type VARCHAR(256), + token_endpoint_auth_method VARCHAR(256), subject_type VARCHAR(256), logo_url VARCHAR(2048),