made timeout field optional, tokens don't expire in the default case

openid-connect-server-webapp/src/main/webapp/WEB-INF/server-config.xml

@@ -29,10 +29,19 @@
 		http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.2.xsd">
 
 	<bean id="configBean" class="org.mitre.openid.connect.config.ConfigurationPropertiesBean">
+	    
+	    <!-- This property sets the root URL of the server, known as the issuer. -->
 		<property name="issuer" value="http://localhost:8080/openid-connect-server-webapp/" />
+		
+		<!-- This property is a URL pointing to a logo image 24px high to be used in the top bar -->
  		<property name="logoImageUrl" value="resources/images/openid_connect_small.png" />
+ 		
+ 		<!-- This property sets the display name of the server, displayed in the topbar and page title -->
  		<property name="topbarTitle" value="OpenID Connect Server" />
- 		<property name="regTokenLifeTime" value="172800" />
+ 		
+		<!-- This property sets the lifetime of registration access tokens, in seconds. Leave it unset (null) for no rotation. -->
+		<!-- <property name="regTokenLifeTime" value="172800" /> -->
+
 	</bean>
 	
 </beans>

openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientDynamicRegistrationEndpoint.java

@@ -217,10 +217,6 @@ public class ClientDynamicRegistrationEndpoint {
 				logger.error("Unsupported encoding", e);
 				m.addAttribute("code", HttpStatus.INTERNAL_SERVER_ERROR);
 				return "httpCodeView";
-			} catch (ParseException e) {
-				logger.error("Invalid Token", e);
-				m.addAttribute("code", HttpStatus.BAD_REQUEST);
-				return "httpCodeView";
 			}
 			
 		} else {
@@ -314,10 +310,6 @@ public class ClientDynamicRegistrationEndpoint {
 				logger.error("Unsupported encoding", e);
 				m.addAttribute("code", HttpStatus.INTERNAL_SERVER_ERROR);
 				return "httpCodeView";
-			} catch (ParseException e) {
-				logger.error("Invalid Token", e);
-				m.addAttribute("code", HttpStatus.BAD_REQUEST);
-				return "httpCodeView";
 			}
 		} else {
 			// client mismatch
@@ -528,18 +520,33 @@ public class ClientDynamicRegistrationEndpoint {
 		return newClient;
 	}
 	
-	private OAuth2AccessTokenEntity fetchValidRegistrationToken(OAuth2Authentication auth, ClientDetailsEntity client) throws ParseException
+	private OAuth2AccessTokenEntity fetchValidRegistrationToken(OAuth2Authentication auth, ClientDetailsEntity client) {
-	{
+		
 		OAuth2AuthenticationDetails details = (OAuth2AuthenticationDetails) auth.getDetails();
 		OAuth2AccessTokenEntity token = tokenService.readAccessToken(details.getTokenValue());
-		// Re-issue the token if it has been issued before [currentTime - validity]
+		
-		Date validToDate = new Date(System.currentTimeMillis() - config.getRegTokenLifeTime() * 1000);
+		if (config.getRegTokenLifeTime() != null) {
-		if(token.getJwt().getJWTClaimsSet().getIssueTime().before(validToDate))
+		
-		{
+			try {
-			tokenService.revokeAccessToken(token);
+				// Re-issue the token if it has been issued before [currentTime - validity]
-			token = connectTokenService.createRegistrationAccessToken(client);
+				Date validToDate = new Date(System.currentTimeMillis() - config.getRegTokenLifeTime() * 1000);
-			tokenService.saveAccessToken(token);
+				if(token.getJwt().getJWTClaimsSet().getIssueTime().before(validToDate)) {
+					logger.info("Rotating the registration access token for " + client.getClientId());
+					tokenService.revokeAccessToken(token);
+					OAuth2AccessTokenEntity newToken = connectTokenService.createRegistrationAccessToken(client);
+					tokenService.saveAccessToken(newToken);
+					return newToken;
+				} else {
+					// it's not expired, keep going
+					return token;
+				}
+			} catch (ParseException e) {
+				logger.error("Couldn't parse a known-valid token?", e);
+				return token;
+			}
+		} else {
+			// tokens don't expire, just return it
+			return token;
 		}
-		return token;
 	}
 }