Commit Graph

1363 Commits (124a0353e5b35b9947a12a1d22068bd72fcaded2)

Author SHA1 Message Date
Justin Richer f4f08d9449 RPT endpoint cleanup 2015-05-11 15:28:09 -04:00
Justin Richer 1f083c7acb extracted RPT generation component to new token service class, closes #797 2015-05-11 15:20:26 -04:00
Justin Richer 0ea06f01b8 moved claims processor to the right package 2015-05-11 15:07:56 -04:00
Justin Richer 53d4f15923 shuffle authz endpoint 2015-05-11 14:56:55 -04:00
Justin Richer 7951ff5086 separated claims processing out into its own service, closes #796 2015-05-11 14:44:21 -04:00
Justin Richer 8d5c7d6226 fixed some rogue documentation 2015-05-11 13:03:17 -04:00
Justin Richer afad3a720b Merge branch 'master' into uma
* master:
  added strict URI matching option to redirect resolver (off by default)
2015-05-11 12:33:05 -04:00
Justin Richer e155cdc282 added strict URI matching option to redirect resolver (off by default) 2015-05-09 16:37:11 -04:00
Justin Richer 06f7dc984d switched to view constants 2015-04-12 21:20:10 -05:00
Justin Richer d6dfa89533 check client information on delete of resource set 2015-04-12 21:15:03 -05:00
Justin Richer 7273b0a5b7 fixed discovery endpoint information, closes #805 2015-04-12 17:00:46 -05:00
Justin Richer eb49d9624c inject claims from OIDC auth token into permission ticket 2015-03-31 18:21:34 -04:00
Justin Richer 98cd5ba27d added save to permission ticket system 2015-03-31 18:21:14 -04:00
Justin Richer 08413302eb configured OIDC client on claims collection endpoint 2015-03-31 15:35:20 -04:00
Justin Richer f48049be4d deny tickets with no claims required (closes a race condition) 2015-03-31 10:26:06 -04:00
Justin Richer dc10779abb removed extraneous issuer in discovery endpoint, closes #793 2015-03-31 10:10:14 -04:00
Justin Richer a38a0b6f75 removed extraneous bob 2015-03-30 18:19:13 -04:00
Justin Richer 6e095e3266 can now add and remove email address claims from the UI 2015-03-30 17:54:16 -04:00
Justin Richer 687517d7f4 Merge branch 'master' into claims-editing-ui 2015-03-30 12:21:59 -04:00
Justin Richer d015d17fad search for local users first (by email), then check remote users 2015-03-30 12:20:19 -04:00
Justin Richer 348ff7ee17 made webfinger endpoint search by email address, then by username 2015-03-30 12:18:50 -04:00
Justin Richer 5aa5cc1a10 added search by email to user info data stack 2015-03-30 12:18:50 -04:00
Justin Richer e89d8cd985 added webfinger lookup helper service 2015-03-30 11:49:49 -04:00
Justin Richer 394785b9c4 don't give resource sets default client scopes 2015-03-30 09:57:10 -04:00
Justin Richer 7af19dbd61 added copyright text 2015-03-30 08:44:51 -04:00
Justin Richer 3e931c68b4 added policy editing overview page 2015-03-20 17:27:10 -04:00
Justin Richer 5698393d31 created claims API 2015-03-19 16:44:34 -04:00
Justin Richer bde03411f1 Merge branch 'master' into uma 2015-03-18 21:42:26 -04:00
Justin Richer 006a4d1ec6 fixed import function of 1.2 data service 2015-03-18 21:42:18 -04:00
Justin Richer 6f149cba69 Merge branch 'master' into uma 2015-03-18 20:10:19 -04:00
Justin Richer 30e894a64a put 'kid' into JWS header, closes #784 2015-03-18 20:09:06 -04:00
Justin Richer 866186f611 pointed data API at the correct service version 2015-03-18 19:54:42 -04:00
Justin Richer 6daeeefb33 augmented introspection unit tests with one for new permissions mode 2015-03-18 08:45:05 -04:00
Justin Richer 9f913244a0 fixed unit tests for introspection results 2015-03-18 08:00:18 -04:00
Justin Richer 7df31f1e87 completed rudimentary UMA authorization API.
Working: resource set registration, permission ticket creation, RPT creation from ticket

Still missing: adding required claims to resource set, adding provided claims to permission ticket
2015-03-17 22:26:12 -04:00
Justin Richer 1be9da52c6 separated ticket object from permission object to facilitate re-use of permission object with tokens 2015-03-17 21:16:29 -04:00
Justin Richer f123366069 added scope filtering to protection api 2015-03-17 19:43:02 -04:00
Justin Richer ff958e20b6 basic authorization support 2015-03-17 19:21:20 -04:00
Justin Richer 098519da5e added OAuth2 error reporting to permission and resource set endpoints 2015-03-17 19:01:44 -04:00
Justin Richer 2aadb09f49 started claims service, added expiration to permissions 2015-03-16 22:52:21 -04:00
Justin Richer c234f78dbd Merge branch 'master' into authorization-api 2015-03-13 19:08:14 -04:00
Justin Richer 5873b336f2 fixed erroneous import 2015-03-13 19:07:27 -04:00
Justin Richer 8352145d82 Merge branch 'master' into authorization-api
Conflicts:
	openid-connect-common/src/main/java/org/mitre/oauth2/service/SystemScopeService.java
	openid-connect-server-webapp/src/main/webapp/WEB-INF/application-context.xml
	openid-connect-server/src/main/java/org/mitre/discovery/web/DiscoveryEndpoint.java
	openid-connect-server/src/main/java/org/mitre/oauth2/web/IntrospectionEndpoint.java
	openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java
	openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultIntrospectionAuthorizer.java
2015-03-13 18:39:26 -04:00
Justin Richer ba51df0c37 consolidated client credential filter beans
(note: imports magic from secoauth)
2015-03-13 18:30:09 -04:00
Justin Richer 4f12fab56b made unused auth codes expired (they're still single-use), refactored auth code service layer 2015-03-13 13:45:49 -04:00
Justin Richer 2abcd96bbe set fallback locale to English, ultimate fall through is to return the code string itself 2015-03-12 17:28:27 -04:00
Justin Richer 285ad71874 made input reader use UTF8, imported the first set of Swedish text to the JSON format 2015-03-12 17:07:08 -04:00
Justin Richer 80605becf1 rudimentary json-based message source 2015-03-12 15:26:23 -04:00
Justin Richer e1fb8272cc redirect error on prompt=none, addresses #667 2015-03-12 09:26:38 -04:00
Justin Richer ad9b49733f externalized queries for scopes, blacklists, user info, pairwise identifiers, and whitelists, closes #771 even harder 2015-03-11 16:13:28 -04:00
Justin Richer 15b97b1dcb Externalized strings for named queries on auth holders, auth codes, clients, and tokens, closes #771 2015-03-11 15:51:51 -04:00
Justin Richer 61a596dc15 externalized strings from user info views 2015-03-11 14:00:14 -04:00
Justin Richer 86e95d9e6e externalized json entity and error parameters, closes #770 2015-03-11 13:52:32 -04:00
Justin Richer e56161e223 extracted http "code" view parameter 2015-03-11 13:39:07 -04:00
Justin Richer 1735dbca11 extracted controller URLs to constants, closes #769 2015-03-11 13:20:59 -04:00
Justin Richer 617d485478 updated all references to media types to use constants instead of literals, closes #767 2015-03-11 12:06:38 -04:00
Justin Richer c777ebfac9 added universal OAuth exception handling 2015-03-11 11:41:28 -04:00
Justin Richer 76b7324d88 fixed execution order of introspection endpoint 2015-03-10 18:29:48 -04:00
Justin Richer 8c8f912880 fixed endpoint processing to account for client id 2015-03-10 15:37:07 -04:00
Justin Richer ee522100b9 Merge branch 'master' into uma-introspection
* master:
  fixed logger variable name
  made logger declarations consistent across project, closes #780
  Fixed logger
  null safe
  removed DateUtil
  added icons to scope editing panel
2015-03-10 15:03:26 -04:00
Justin Richer 5d35f2c1a6 toned down errors on introspection endpoint 2015-03-10 14:58:22 -04:00
Justin Richer 65d7b00f4d added uma-processing of scopes to introspection results 2015-03-10 12:38:37 -04:00
Justin Richer 627bcaee43 added client_id to resource sets 2015-03-10 12:38:13 -04:00
Justin Richer e5e4c15058 removed introspection authorizer hook 2015-03-10 11:12:37 -04:00
Justin Richer 2a6a17486a added initial uma discovery endpoint 2015-03-09 16:15:30 -04:00
Justin Richer 621399545e cleaned up introspection endpoint processing 2015-03-09 16:15:09 -04:00
Justin Richer 764df71758 refactored introspection to allow for UMA style token access 2015-03-09 12:43:05 -04:00
Justin Richer 1da5c2cd84 fixed imports 2015-03-09 11:51:41 -04:00
Justin Richer c7f6811961 refactored scope enforcement utilities to a separate authentication class 2015-03-09 11:51:24 -04:00
Justin Richer 48b857eb85 fixed logger variable name 2015-03-09 07:37:09 -04:00
Justin Richer c09b63c69f made logger declarations consistent across project, closes #780 2015-03-08 21:56:33 -04:00
Wolter Eldering 849a2b3271 Fixed logger 2015-03-08 16:02:53 +01:00
Wolter Eldering 020b410ffe null safe 2015-03-08 15:47:58 +01:00
Wolter Eldering db2574ab53 removed DateUtil 2015-03-08 15:41:47 +01:00
Justin Richer f266d3b151 added unit test for resource set service to make sure it catches error conditions 2015-03-06 16:56:30 -05:00
Justin Richer 35f2a03b4e added unit test for permission service 2015-03-06 15:50:24 -05:00
Justin Richer e59e988809 made permission service enforce scoping 2015-03-06 15:50:14 -05:00
Justin Richer 5ff9cd1bbb implemented permission registration API 2015-02-28 17:59:37 -05:00
Justin Richer eed8fb0b28 created skeleton of permission registration API 2015-02-28 08:33:09 -05:00
Justin Richer c41488b103 moved an uma package to common, extracted OAuth scope enforcement utility 2015-02-28 08:32:47 -05:00
Justin Richer 5be7d64c7d moved all uma files to their own package 2015-02-28 07:24:53 -05:00
Justin Richer 0d96b6a28a changed name of scope to match uma spec 2015-02-27 20:46:48 -05:00
Justin Richer 7a1480bb07 moved and consolidated json utilities 2015-02-26 16:20:01 -05:00
Justin Richer 40fc70894e fixed oauth scope check 2015-02-24 18:01:03 -05:00
Justin Richer 4878e88d4f added list all by owner 2015-02-24 17:41:05 -05:00
Justin Richer 8d22ad03e2 implemented remove verb 2015-02-24 17:15:18 -05:00
Justin Richer 89114dcf74 implemented update 2015-02-24 16:05:18 -05:00
Justin Richer ad228e8953 send the _id as a string 2015-02-24 15:52:29 -05:00
Justin Richer 3b6412219b added abbreviated view, updated OAuth error handling, fixed URL mapping 2015-02-24 15:10:48 -05:00
Justin Richer 0b480bac10 implemented get 2015-02-24 15:09:52 -05:00
Justin Richer 3076da1ed8 functioning resource set repository layer 2015-02-24 12:10:54 -05:00
Justin Richer efeead52b6 fixed typos in data layer, added blank service layer to resource set 2015-02-24 12:00:58 -05:00
Justin Richer e7bf75e9a4 moved and consolidated json utilities 2015-02-23 13:43:08 -05:00
Justin Richer 90a7304b4e resource set registration endpoint and service shells 2015-02-23 11:43:05 -05:00
Justin Richer 720b73939f fixed token service logic, added verification to unit tests 2015-02-18 13:57:28 -05:00
Justin Richer 97ae456099 fixed unit tests affected by scope service changes 2015-02-18 13:48:16 -05:00
Justin Richer 6885713eed added warning suppression for data layer -- non-templated generic types have to be used here 2015-02-18 10:19:36 -05:00
Justin Richer f4813fccee fixed log messages on data services 2015-02-18 09:33:13 -05:00
Justin Richer 4ae981f484 updated data layer and unit tests 2015-02-18 09:23:09 -05:00
Justin Richer 593fac83cf scopes can now be set as "restricted" instead of needing to be set "allowDynReg", closes #747 2015-02-17 18:25:52 -05:00
Justin Richer 1caf5ef8bc removed call to deprecated http components constructor 2015-02-17 17:06:34 -05:00
Justin Richer b376bc6059 removed some vestigial service/repository calls, closes #513 2015-02-17 16:22:40 -05:00
Justin Richer ecfb72bc50 additional JOSE class naming 2015-02-17 15:32:20 -05:00
Justin Richer 522edda074 additional JOSE class renaming 2015-02-17 14:57:29 -05:00
Justin Richer cef6cf17b6 externalized a number of strings, closes #385 2015-02-17 14:39:15 -05:00
Justin Richer 994ce6c743 consistently named JOSE-based classes, closes #529 2015-02-17 12:11:58 -05:00
Justin Richer 335d05bb5c renamed data service abstract class 2015-02-17 11:56:50 -05:00
Justin Richer 685960358c formatting cleanup 2015-02-17 11:08:46 -05:00
Justin Richer e2349984b8 happy new year 2015! 2015-02-17 10:24:08 -05:00
Justin Richer d88cc2ec8e fixed pluralization of post logout URIs in data API services 2015-02-17 09:59:50 -05:00
Justin Richer cc02f8fbe8 pluralized post-logout redirect URI on client, closes #654 2015-02-16 16:43:34 -05:00
Justin Richer ef3a696972 removed getBySubject and getAll from user info repository and service layers, closes #760 2015-02-16 11:08:07 -05:00
Justin Richer 63dd7c0b25 removed deprecated DefaultUserInfoUserDetailsService and corresponding test, closes #413 2015-02-16 11:07:17 -05:00
Justin Richer 166c53cd6a fixed comparison of client IDs in refresh token, closes #752
Also addresses #735 (again)
2015-01-24 07:47:50 -05:00
Justin Richer 6c88d7c54b removed old owner_id field, closes #636 2015-01-17 08:18:36 -05:00
Justin Richer ba97fcb88a changed name of clientAuthorization to authorizationRequest (which is more accurate), closes #697 2014-12-19 00:55:06 -05:00
John Brooks a1228d19b5 Changed lastWeek logic back to correct form, removed logic used for
testing.
2014-12-19 00:39:07 -05:00
Justin Richer e9d764e53e added support for login_hint, closes #250 2014-11-26 09:55:39 -05:00
Justin Richer 3e7ade9a67 fixed unit tests 2014-11-22 23:46:25 -05:00
Justin Richer 1a2ca25359 relaxed scope constraints on protected resources registered through self-service page 2014-11-22 23:46:25 -05:00
Justin Richer e371ad345f fixed checking of refresh token permissions in client service, clients can now request either refresh_token grant type or offline_access scope and it will work. added checkbox to dynreg page for ease-of-use
closes #734
2014-11-22 23:46:25 -05:00
Justin Richer 56344fa12b make sure that client presenting refresh token is the same client the refresh token was issued to
closes #735
2014-11-22 23:46:25 -05:00
Justin Richer 0e776762c2 set up data API for 1.2 format (currently the same as 1.1 format) 2014-11-15 19:59:47 -10:00
Justin Richer b14dfa6458 approval page defaults to "ask again" when prompt=consent is passed, closes #669 2014-11-13 11:23:54 -10:00
Justin Richer 775b77b367 updated date format of token introspection response, closes #719 2014-11-13 11:08:20 -10:00
Justin Richer c600787f1c added key id to id token, closes #725 2014-11-12 16:22:10 -10:00
Justin Richer d87bdb2120 added ROLE_CLIENT to assertion client authentication, cleaned up roles on client secret authentication, closes #728, closes #401 2014-11-12 16:03:06 -10:00
Alexander Imfeld 9dfac35912 Introduce introspection result assembler to allow for customized introspection results 2014-10-14 21:06:09 -04:00
arielak d557b1e2c2 RefreshToken to AuthHolder linkage test now using AuthHolder ID to verify 2014-10-14 20:30:50 -04:00
arielak ff436a6738 Added tests for ensuring the references between a refresh token and its authentication holder are preserved over import. Minor cleanup of other tests. 2014-10-14 20:30:50 -04:00
arielak d18d325c0c Better method of creating test AuthenticationHolderEntity, added some more testing to testImport/ExportGrants
Conflicts:

	openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_1.java
2014-10-14 20:30:50 -04:00
arielak ff28e1a383 Added new data service tests, separated date parsing/formatting utilities into DateUtil class
Conflicts:

	openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_0.java
	openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_X.java
	openid-connect-server/src/main/java/org/mitre/openid/connect/util/DateUtil.java
2014-10-14 20:30:50 -04:00
Justin Richer 188818dc0d added null check to confirmation controller, closes #684 2014-10-07 21:58:15 -04:00
Justin Richer 134909a82f import cleanup 2014-10-07 19:40:38 -04:00
Justin Richer 1e71749c23 added more generic rotation capability 2014-10-07 19:40:38 -04:00
Justin Richer 0b8dbc4f68 added registration token API 2014-10-07 19:40:38 -04:00
Justin Richer 13cee6bf06 Ported date format changes from 1.0.x 2014-10-06 23:41:33 -04:00
arielak 98ace5c9fb Separated date formatting and parsing functions to DateUtil class. Modified how timezone is printed to workaround Java date formatting issue.
Conflicts:
	openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_0.java
2014-10-06 23:28:20 -04:00
Justin Richer 1fbdd240f1 made binary encode/decode null safe 2014-10-06 23:25:48 -04:00
arielak a8377513a6 Fixed reading/writing of approved access tokens 2014-10-06 22:59:27 -04:00
arielak 0320bae15c Fixed netbeans copyright weirdness 2014-10-06 22:59:27 -04:00
arielak dcf66fadc4 Added support for 1.1 config import/export, and separated common functions into 1_X abstract class 2014-10-06 22:59:27 -04:00
arielak ad841a03df Added support for whitelisted and blacklisted site export 2014-10-06 22:59:27 -04:00
arielak 8495617aed Added support for whitelisted and blacklisted site import from a 1.0 config 2014-10-06 22:59:27 -04:00
arielak 16f15cc3c8 NPE fix 2014-10-06 22:59:27 -04:00
arielak 6333b1e4b1 Re-enabled reading of system scopes. Added 1.1 data export functionality 2014-10-06 22:59:27 -04:00
arielak d5551e9692 Added services for data import/export and modified JpaAuthenticationHolderEntity and Repository to allow getting all objects 2014-10-06 22:58:26 -04:00
Justin Richer c683131f12 externalized view name strings and tied them to view beans 2014-09-28 22:25:39 -04:00
Justin Richer 9e88a62479 moved the API endpoints, made resource tokens accessible too 2014-09-22 23:38:12 -04:00
Justin Richer 6d80a00d65 import cleanup 2014-09-22 23:04:23 -04:00
Justin Richer 81634e6165 added API for getting tokens by clientid 2014-09-22 22:55:13 -04:00
Justin Richer dee78c130c fixed missing null check in request object parser 2014-08-25 22:48:42 -04:00
James Agnew e0b84069d4 Update to latest spring-security-oauth2 module 2014-08-06 11:12:40 -04:00
Justin Richer 39c50b76f4 added null checks to endpoint auth method switches, closes #652 2014-07-31 23:05:17 -04:00
Justin Richer 8768188133 makes the grant types checker softer, closes #640 2014-07-19 23:54:02 -07:00
Justin Richer 9666404d54 added "none" to discovery endpoint 2014-07-16 23:48:18 -04:00
Justin Richer 7476edb310 added unsigned ID token support to server 2014-07-16 22:29:13 -04:00
Justin Richer 538c4031bb added in better default checks for content negotiation 2014-07-02 16:01:26 -04:00
Justin Richer 078bf5e464 combine HTTP content negotiation with client preferences for user info endpoint 2014-06-28 23:44:37 -04:00
Justin Richer 1de2a61176 made accept header optional for user info request 2014-06-28 22:20:05 -04:00
Justin Richer 04acc21eea removed injection of admin email address from client API, will happen browser-side now 2014-06-26 13:00:36 -04:00
Justin Richer 5773fe195b set proper content type on user info JWT response 2014-06-18 18:05:11 -04:00
Justin Richer 5f97ce0ca1 fixed error code string 2014-06-18 14:50:17 -04:00
Justin Richer 6589cd717d disallow fragments in redirect uris for dynamic clients, closes #622 2014-06-18 14:49:29 -04:00
Justin Richer 4e52543091 more properly respond to some client registration errors 2014-06-18 14:45:55 -04:00
Justin Richer c493f438e7 applied token rotation to protected resources 2014-06-12 19:37:50 -04:00
Justin Richer f4edd3164f made timeout field optional, tokens don't expire in the default case 2014-06-12 19:37:32 -04:00
Trilok Jain 4e09ec687b Registration Token regeneration - when they are beyond their lifetime
(in read/update calls)
2014-06-12 19:12:32 -04:00
Trilok Jain ed3e6a2814 https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/issues/431:
Generating a new registration access token on read/update call and
revoking the token issued earlier.
2014-06-12 19:12:32 -04:00
Justin Richer a106121af3 created blacklist aware redirect resolver and wired it in, closes #549 2014-06-10 16:29:45 -04:00
Justin Richer a97f3e2d65 don't throw away creation time on protected resource update (oops) 2014-06-09 20:22:58 -04:00
Justin Richer e0fe22e4ba don't regenerate client secrets every single time 2014-06-09 20:20:36 -04:00
Justin Richer 53148f2c87 better auth method checking in dynamic registration and resource registration 2014-06-09 17:41:27 -04:00
Justin Richer f15b4a0f74 resource registration returned the wrong URL 2014-06-09 17:41:01 -04:00
Justin Richer 47cc005fe5 more sanity checking for client secrets 2014-06-09 16:06:57 -04:00
Justin Richer cac645484f client API now generates client secret only for clients that require a client secret 2014-06-09 16:00:55 -04:00
Justin Richer 52e53ba219 extracted validation exception, refactored protected resource registration endpoint to use this format 2014-06-06 11:13:41 -04:00
Justin Richer b7a8bbdddc cleanup, error wrappers on protected resource registration 2014-06-06 10:58:40 -04:00
Justin Richer deaccf437e refactored dynamic registration endpoint's checks for client consistency 2014-06-06 10:18:40 -04:00
Justin Richer 04f7a698ea added response type consistency checking, closes #430 2014-06-05 19:41:06 -04:00
Justin Richer 32101ff7b2 added parsing checks, fixed inverted logic, cleaned up redundant settings, closes #597 2014-06-05 19:06:03 -04:00
Justin Richer ab083c0963 added checks to dynamic registration endpoint that disallow registration of multiple incompatible grant types 2014-06-05 17:16:35 -04:00
Justin Richer cdd23df7ee token introspection now returns user "sub" when available in addition to "user_id", closes #507 (might cause incompatibility problems) 2014-06-04 17:27:38 -04:00
Justin Richer 8861220632 stats on home page are now loaded in the background (makes main site load much faster) 2014-06-04 14:39:30 -04:00
Justin Richer 3e4aae6c8a hash tests now pass on Java8 2014-05-29 17:41:56 -04:00
Justin Richer dfdc4ed52d fixed information leaks from approved site API 2014-05-28 18:21:46 -04:00
Alexander Imfeld a84c10fc1c Change copyright from Netcetera to MITRE/MIT-KIT. 2014-05-28 08:52:31 +02:00
Justin Richer 2797731597 fixed unit test to account for cascading tokens 2014-05-27 20:39:19 -04:00
Justin Richer d2c83104fb cascade token saves 2014-05-27 19:28:38 -04:00
Josh Mandel 7f8cbcea39 Use return value from TokenEnhancer.enhance 2014-05-27 19:23:44 -04:00
Justin Richer 0c8cacd59a added missing copyright headers 2014-05-27 13:46:47 -04:00
Justin Richer 525f3aa2a8 Cleaned up indentation, whitespace, and imports. 2014-05-27 13:02:49 -04:00
Justin Richer 8185171119 minor clean up 2014-05-27 11:54:45 -04:00
Justin Richer 5ab516de48 prevent clients from registering with special resource scope 2014-05-26 17:39:20 -04:00
Justin Richer c34357a433 added resource registration endpoint with basic functionality and specialized tokens 2014-05-26 16:30:24 -04:00
Justin Richer 960319b796 improved logging configuration, removed transactional from service 2014-05-25 15:38:44 -04:00
Justin Richer 85fd4e71ce typo in error message 2014-05-25 15:37:58 -04:00
Justin Richer 2af51dc77a better URI check for prompt filter short circuit 2014-05-25 14:24:25 -04:00
Justin Richer f4a1a2acff fixed prompt filter coding error 2014-05-24 23:16:29 -04:00
Justin Richer 89d55e3d33 added support for default max auth age and require auth time, made prompt filter only work on authorization endpoint 2014-05-24 22:12:41 -04:00
Justin Richer 5c6e75bd53 cleaned up UI for client editing 2014-05-24 20:56:54 -04:00
Justin Richer 05e9624ae3 added support for encrypted and symmetrically signed id tokens and user info responses 2014-05-23 21:15:50 -04:00
Justin Richer ffe1b29906 Added Signed JWT support to UserInfo endpoint response, closes #593 2014-05-23 19:15:03 -04:00
Justin Richer e4d5f4a540 added system wide cache for all symmetric validators, closes # 557 2014-05-23 16:16:06 -04:00
Justin Richer ca333d256b Appropriately catch runtime exceptions in all guava caches, closes #603 2014-05-23 15:00:40 -04:00
Justin Richer df9c9747ce more reasonable check for whether or not a user auth is present, addresses #602 2014-05-23 11:49:51 -04:00
Justin Richer 4e890a4d7d enforce clients using a redirect flow have at least one redirect uri registered when using dynamic registration, made error handling more consistent across all APIs
closes #596
2014-05-21 18:29:51 -04:00
Justin Richer a225b00920 added null check and permissions check to ID token generation, closes #602 2014-05-21 17:45:25 -04:00
Justin Richer dcf36234c4 moved CSRF generator to request parser instead of confirmation controller 2014-05-13 09:48:34 -04:00
Justin Richer a253ebc908 added CSRF protection to approval page 2014-05-13 09:27:02 -04:00
Justin Richer fcfbf1080f renamed auth request variable 2014-05-13 09:26:27 -04:00
Alexander Imfeld 7cd36b471f Make introspection endpoint access authorization pluggable. 2014-05-07 16:44:56 +02:00
Justin Richer 4b697ba909 webfinger checks host on acct: URIs, closes #404 2014-04-25 21:21:00 -04:00
Justin Richer 376403fa4a account for registration time in approval page, closes #550 2014-04-19 07:28:20 -04:00
Justin Richer 1d2f968bd1 configuration cleanup, closes #568 2014-04-18 22:11:58 -04:00
Justin Richer 318a28ddf8 added stats mock to unit tests 2014-04-16 22:05:03 -04:00
Justin Richer 521017c5c2 updated stats service to have a resettable cache triggered by other service events 2014-04-16 21:39:37 -04:00
Justin Richer 7f310400b1 simple cache for stats 2014-04-16 21:18:12 -04:00
kangelov 39509bfdc4 Performance improvement of token cleanup:
an alternative token cleanup mechanism designed to maintain a very compact memory footprint while performing cleanup in consecutive runs of the cleanup thread. This serves to address OutOfMemoryException issues of the original token cleanup mechanism when process is under load. Also, added cleanup of the authentication_holder table.
2014-04-10 23:38:37 -04:00
kangelov 265624b285 a fix for a NullPointerException whenever a client requests a client scope to be granted. 2014-04-10 22:41:20 -04:00
Justin Richer 53cc7ef447 Fixed audience claim on client auth assertion 2014-03-06 19:45:05 +00:00
Justin Richer 1fcef858c6 updated server discovery document to reflect new capabilities 2014-03-06 16:48:27 +00:00
Justin Richer b67121f0cd added client_secret_jwt auth method support, closes #174 2014-03-04 23:45:36 +00:00
Justin Richer 15b017992c added DELETE to token api because revocation endpoint doesn't work for this kind of management, closes #191 2014-03-01 11:05:46 +00:00
Justin Richer 89f015cf1c Updated Token API to be less leaky 2014-02-28 21:14:27 +00:00
Justin Richer dd391ebf3c Display contacts, popup for image, cleanup of more info 2014-02-16 21:58:16 -05:00
Justin Richer dab52ca8a0 enhancements to approval page 2014-02-16 18:25:05 -05:00
Justin Richer ec6a78c1ba made prompt pluralizable to comply with spec, closes #519 2014-02-16 01:41:08 -05:00
Justin Richer 19dbe92d4e initial support for displaying claim values for requested scopes 2014-01-20 20:56:04 -05:00
Justin Richer 3b52ce8201 happy new year! 2014-01-20 12:38:42 -05:00
Justin Richer ebbc7209aa automated code formatting and cleanup 2013-12-03 14:19:34 -05:00
Justin Richer 4a8d693746 fixed prompt filter map mismatch (I hate type erasure) 2013-12-02 11:55:09 -05:00
Justin Richer ce1f3f2f94 updated mockito, fixed some unit tests 2013-11-27 12:37:05 -05:00
Justin Richer d330bd1c9b cleanup, added revocation uri to server config 2013-11-27 12:23:04 -05:00
Justin Richer ed06b14406 publish revocation endpoint, addresses #520 2013-11-27 12:13:42 -05:00
Justin Richer b7011f508e urlencode client IDs in client registration URIs, addresses #422 2013-11-27 12:12:10 -05:00
Justin Richer 8c1bfb7e0c set current user's email address to owner when using admin UI 2013-11-27 12:11:36 -05:00
Justin Richer 6c4d2a8e8d vestigial comment cleanup 2013-11-27 12:06:53 -05:00
Justin Richer db5532e9bf comment cleanup 2013-11-27 11:34:41 -05:00
Justin Richer 39fb96a802 pull request from extensions map 2013-11-27 11:20:38 -05:00
Justin Richer 86e0f0c7ee cleaned up old comments 2013-11-27 11:20:01 -05:00
Justin Richer a24eadeb11 cleaned up responseType calls, addresses #451 2013-11-27 11:03:15 -05:00
Justin Richer df511a81cc override from #465 no longer needed 2013-11-27 10:53:16 -05:00
Justin Richer d3dbb00e77 ensure clients and tokens don't get special system scopes, addresses #320 2013-11-27 10:35:56 -05:00
Justin Richer ef01de168d Moved special token scopes to scope service interface 2013-11-27 10:21:52 -05:00
Justin Richer 4f986d6a38 clean up some auto generated functions 2013-11-27 09:57:56 -05:00
Justin Richer f56135810c Fixed request object precedence order 2013-11-27 09:52:26 -05:00
Justin Richer 447df56947 removed unused nonce exception 2013-11-27 09:10:35 -05:00
Justin Richer 27f391ef01 Fixed compilation errors for SECOAUTH milestone updates 2013-11-25 09:31:50 -05:00
Justin Richer 190caee9a1 refactored userinfo serializer 2013-11-18 09:49:23 -05:00