2496dc114c
allow language system to be loaded from multiple files. closes #817 closes #876
9 years ago
e255fc1a10
change default behavior of message source, closes #964
9 years ago
7b34a666d9
Make the dual client support configurable
9 years ago
a80953a2d4
Allow both flows authorization code and client credentials. This scenario might be found when the same client supports user authentication as well as service to service authentication. Such a client is trusted (whitelisted).
9 years ago
dce80d488b
Clean up ScopeClaimTranslationService
...
`getFieldNameForClaim` method is never used.
9 years ago
2deec98b58
[maven-release-plugin] prepare for next development iteration
9 years ago
d96b2dc130
[maven-release-plugin] prepare release mitreid-connect-1.2.2
9 years ago
96f4d5e8a8
fixed use of wrong constant, closes #940
9 years ago
c9358f348a
added transactional annotations, finally closes #926 addresses #862
9 years ago
e1e892377f
added cleaner for duplicate refresh tokens
9 years ago
542afca459
cleans duplicate access tokens from DB before other cleanup happens
9 years ago
ebb4f2c3d4
Upgraded to nimbus 4.2, closes #934
9 years ago
c67611e975
added qualifier name to persistence unit and transaction manager, closes #883
9 years ago
d280ca40a4
login hints now handled in a slightly smarter (and more pluggable) manner, closes #851
9 years ago
b5c298e0ca
Remove legacy CSRF protection for approve page
...
Instead, we rely on the Spring Security CSRF protection, like we already do for the login page. Additionally, we remove the authentication check in`isApproved`, because this is already done by Spring Security (and if not, we have bigger problems to worry about).
9 years ago
8b362f23f3
[maven-release-plugin] prepare for next development iteration
9 years ago
e384a6257b
[maven-release-plugin] prepare release mitreid-connect-1.2.1
9 years ago
4063f7f94f
user info endpoint response uses correct client algorithms, addresses #921
9 years ago
acb3d03052
added 'kid' to all signed tokens, closes #899
9 years ago
d3f8ff2855
added JTI to ID tokens, closes #900
9 years ago
9822748209
grabbed additional places that mention updated_time/updated_at
9 years ago
31ea96ce27
Update DefaultOIDCTokenService.java
...
fixed typo
9 years ago
22c05ec51b
[maven-release-plugin] prepare for next development iteration
9 years ago
e6b64cd9cd
[maven-release-plugin] prepare release mitreid-connect-1.2.0
9 years ago
489450b1c2
automated code format cleanup
9 years ago
15c2b57730
[maven-release-plugin] prepare for next development iteration
9 years ago
8317c759f1
[maven-release-plugin] prepare release mitreid-connect-1.2.0-RC2
9 years ago
0740443768
added claims redirect uri set to client model for UMA usage
9 years ago
a4e75ed733
[maven-release-plugin] prepare for next development iteration
10 years ago
58a47d0e46
[maven-release-plugin] prepare release mitreid-connect-1.2.0-RC1
10 years ago
0714ed514e
fixed errant unit test
...
why do they always get away like that??
10 years ago
064f36ef6c
clean up resource sets when clients are deleted
10 years ago
d1c069ad1e
clean up permissions and access tokens when a resource set is revoked
10 years ago
7345a03aaa
added UMA import, closes #811 even harder
10 years ago
bcd8a96b5d
UMA data export, closes #811
10 years ago
a3360e9561
externalized strings in data API (1.2)
10 years ago
4a382f2b1c
updated unit tests to new structure
10 years ago
8c822c0f54
detached whitelist from approved sites, closes #781
10 years ago
c4aaa29ffc
updated unit tests for new refresh token mode
10 years ago
d9efeb3b67
added clear access tokens to export/import
10 years ago
2f4d9ce54b
clearing out refresh tokens is now configurable, closes #409
10 years ago
8359ac2813
fixed refresh token lookup
10 years ago
d2a393f7f9
converted error handlers to a single @ControllerAdvice class, closes #788
10 years ago
f4a1b27e2e
better handling of HTTP and JSON errors on network fetches, added http-forcing behavior for webfinger client and sector URL service
10 years ago
f7a082d4b8
wrapped timestamp injection in a null-safe block, with warning; closes #849
10 years ago
9e74e40453
Use diamond syntax instead of explicit types
10 years ago
6dc2b2cb5e
Various small improvements/bugfixes
10 years ago
d1e8529a7b
expose ID Token and UserInfo to the AuthoritiesProvider and AuthoritiesMapper, both extensible
...
closes #699
closes #761
10 years ago
4655650a68
added OAuth error display page, closes #559
10 years ago
dfc8df42f5
moved server configuration injection to pre-request
10 years ago
79317d5b70
JWK Set by value added to admin UI, addresses #826
10 years ago
e43600494a
minor automated code cleanup
10 years ago
642942b5cf
Generalized client key handling into a single cache service
10 years ago
032d41e5ed
added JWKs-by-value support to client data model and API, closes #826
10 years ago
8d3a8471aa
updated refresh token to use converter instead of dummy field
10 years ago
9662f3e8b3
switched access token to using converter instead of dummy field
10 years ago
9ba1a78d09
removed binary objects from data API importers, removed binary object JSON utility entirely
10 years ago
c974267cde
return prompt=none error to client, closes #667
10 years ago
cbf6316050
cleaned up logic on user info interceptor to fix detection of redirects
10 years ago
fe6d2f8a6e
updated and expanded unit tests to account for new data layer
10 years ago
d5a08d4996
cleaned up vestigial service component, to be fixed (maybe) in #825
10 years ago
d9e03b769b
fixed auth holder reference handling, import/export works now
10 years ago
3d1aee77b4
updated 1.2 import to reflect new objects
10 years ago
441b19f0c5
fixed data export to comply with new auth holder
10 years ago
a7905c9f82
only save strings in the Extensions map
10 years ago
cb8abca0f6
removed embedded JOSE classes in favor of converters
10 years ago
6be2b4f65e
added ES* and PS* support for signed objects
10 years ago
04dc037f9e
fixed unit tests to account for refresh token rotation
10 years ago
aeed2fa003
issue new refresh tokens for clients who are configured for it, closes #408
10 years ago
31d5e3ad0e
echo back requested scopes in error thrown by validator, closes #708
10 years ago
52b1bda8d8
version match and cleanup
10 years ago
24a464e142
put in a dummy resource set service so that introspection can pass through
10 years ago
a2edb31753
moved UMA server to its own module
10 years ago
7188a06488
added deletion functionality to UI
10 years ago
43a432eb9a
removed extraneous TODO
10 years ago
ed7799b54a
make RPTs optionally expire, closes #794
10 years ago
e0cdeb3571
inject uma token service
10 years ago
fc64dcc9b9
discovery endpoint cleanup
10 years ago
f4f08d9449
RPT endpoint cleanup
10 years ago
1f083c7acb
extracted RPT generation component to new token service class, closes #797
10 years ago
0ea06f01b8
moved claims processor to the right package
10 years ago
53d4f15923
shuffle authz endpoint
10 years ago
7951ff5086
separated claims processing out into its own service, closes #796
10 years ago
8d5c7d6226
fixed some rogue documentation
10 years ago
afad3a720b
Merge branch 'master' into uma
...
* master:
added strict URI matching option to redirect resolver (off by default)
10 years ago
e155cdc282
added strict URI matching option to redirect resolver (off by default)
10 years ago
06f7dc984d
switched to view constants
10 years ago
d6dfa89533
check client information on delete of resource set
10 years ago
7273b0a5b7
fixed discovery endpoint information, closes #805
10 years ago
eb49d9624c
inject claims from OIDC auth token into permission ticket
10 years ago
98cd5ba27d
added save to permission ticket system
10 years ago
08413302eb
configured OIDC client on claims collection endpoint
10 years ago
f48049be4d
deny tickets with no claims required (closes a race condition)
10 years ago
dc10779abb
removed extraneous issuer in discovery endpoint, closes #793
10 years ago
a38a0b6f75
removed extraneous bob
10 years ago
6e095e3266
can now add and remove email address claims from the UI
10 years ago
687517d7f4
Merge branch 'master' into claims-editing-ui
10 years ago
d015d17fad
search for local users first (by email), then check remote users
10 years ago
348ff7ee17
made webfinger endpoint search by email address, then by username
10 years ago
5aa5cc1a10
added search by email to user info data stack
10 years ago
e89d8cd985
added webfinger lookup helper service
10 years ago
394785b9c4
don't give resource sets default client scopes
10 years ago
7af19dbd61
added copyright text
10 years ago
3e931c68b4
added policy editing overview page
10 years ago
5698393d31
created claims API
10 years ago
bde03411f1
Merge branch 'master' into uma
10 years ago
006a4d1ec6
fixed import function of 1.2 data service
10 years ago
6f149cba69
Merge branch 'master' into uma
10 years ago
30e894a64a
put 'kid' into JWS header, closes #784
10 years ago
866186f611
pointed data API at the correct service version
10 years ago
6daeeefb33
augmented introspection unit tests with one for new permissions mode
10 years ago
9f913244a0
fixed unit tests for introspection results
10 years ago
7df31f1e87
completed rudimentary UMA authorization API.
...
Working: resource set registration, permission ticket creation, RPT creation from ticket
Still missing: adding required claims to resource set, adding provided claims to permission ticket
10 years ago
1be9da52c6
separated ticket object from permission object to facilitate re-use of permission object with tokens
10 years ago
f123366069
added scope filtering to protection api
10 years ago
ff958e20b6
basic authorization support
10 years ago
098519da5e
added OAuth2 error reporting to permission and resource set endpoints
10 years ago
2aadb09f49
started claims service, added expiration to permissions
10 years ago
c234f78dbd
Merge branch 'master' into authorization-api
10 years ago
5873b336f2
fixed erroneous import
10 years ago
8352145d82
Merge branch 'master' into authorization-api
...
Conflicts:
openid-connect-common/src/main/java/org/mitre/oauth2/service/SystemScopeService.java
openid-connect-server-webapp/src/main/webapp/WEB-INF/application-context.xml
openid-connect-server/src/main/java/org/mitre/discovery/web/DiscoveryEndpoint.java
openid-connect-server/src/main/java/org/mitre/oauth2/web/IntrospectionEndpoint.java
openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java
openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultIntrospectionAuthorizer.java
10 years ago
ba51df0c37
consolidated client credential filter beans
...
(note: imports magic from secoauth)
10 years ago
4f12fab56b
made unused auth codes expired (they're still single-use), refactored auth code service layer
10 years ago
2abcd96bbe
set fallback locale to English, ultimate fall through is to return the code string itself
10 years ago
285ad71874
made input reader use UTF8, imported the first set of Swedish text to the JSON format
10 years ago
80605becf1
rudimentary json-based message source
10 years ago
e1fb8272cc
redirect error on prompt=none, addresses #667
10 years ago
ad9b49733f
externalized queries for scopes, blacklists, user info, pairwise identifiers, and whitelists, closes #771 even harder
10 years ago
15b97b1dcb
Externalized strings for named queries on auth holders, auth codes, clients, and tokens, closes #771
10 years ago
61a596dc15
externalized strings from user info views
10 years ago
86e95d9e6e
externalized json entity and error parameters, closes #770
10 years ago
e56161e223
extracted http "code" view parameter
10 years ago
1735dbca11
extracted controller URLs to constants, closes #769
10 years ago
617d485478
updated all references to media types to use constants instead of literals, closes #767
10 years ago
c777ebfac9
added universal OAuth exception handling
10 years ago
76b7324d88
fixed execution order of introspection endpoint
10 years ago
8c8f912880
fixed endpoint processing to account for client id
10 years ago
ee522100b9
Merge branch 'master' into uma-introspection
...
* master:
fixed logger variable name
made logger declarations consistent across project, closes #780
Fixed logger
null safe
removed DateUtil
added icons to scope editing panel
10 years ago
5d35f2c1a6
toned down errors on introspection endpoint
10 years ago
65d7b00f4d
added uma-processing of scopes to introspection results
10 years ago
627bcaee43
added client_id to resource sets
10 years ago
e5e4c15058
removed introspection authorizer hook
10 years ago
2a6a17486a
added initial uma discovery endpoint
10 years ago
621399545e
cleaned up introspection endpoint processing
10 years ago
764df71758
refactored introspection to allow for UMA style token access
10 years ago
1da5c2cd84
fixed imports
10 years ago
c7f6811961
refactored scope enforcement utilities to a separate authentication class
10 years ago
48b857eb85
fixed logger variable name
10 years ago
c09b63c69f
made logger declarations consistent across project, closes #780
10 years ago
849a2b3271
Fixed logger
10 years ago
020b410ffe
null safe
10 years ago
db2574ab53
removed DateUtil
10 years ago
f266d3b151
added unit test for resource set service to make sure it catches error conditions
10 years ago
35f2a03b4e
added unit test for permission service
10 years ago
e59e988809
made permission service enforce scoping
10 years ago
5ff9cd1bbb
implemented permission registration API
10 years ago
eed8fb0b28
created skeleton of permission registration API
10 years ago
c41488b103
moved an uma package to common, extracted OAuth scope enforcement utility
10 years ago
5be7d64c7d
moved all uma files to their own package
10 years ago
0d96b6a28a
changed name of scope to match uma spec
10 years ago
7a1480bb07
moved and consolidated json utilities
10 years ago
40fc70894e
fixed oauth scope check
10 years ago
4878e88d4f
added list all by owner
10 years ago
8d22ad03e2
implemented remove verb
10 years ago
89114dcf74
implemented update
10 years ago
ad228e8953
send the _id as a string
10 years ago
3b6412219b
added abbreviated view, updated OAuth error handling, fixed URL mapping
10 years ago
0b480bac10
implemented get
10 years ago
3076da1ed8
functioning resource set repository layer
10 years ago
efeead52b6
fixed typos in data layer, added blank service layer to resource set
10 years ago
e7bf75e9a4
moved and consolidated json utilities
10 years ago
90a7304b4e
resource set registration endpoint and service shells
10 years ago
b670f44138
added UMA to version number
10 years ago
720b73939f
fixed token service logic, added verification to unit tests
10 years ago
97ae456099
fixed unit tests affected by scope service changes
10 years ago
6885713eed
added warning suppression for data layer -- non-templated generic types have to be used here
10 years ago
f4813fccee
fixed log messages on data services
10 years ago
4ae981f484
updated data layer and unit tests
10 years ago
593fac83cf
scopes can now be set as "restricted" instead of needing to be set "allowDynReg", closes #747
10 years ago
1caf5ef8bc
removed call to deprecated http components constructor
10 years ago
b376bc6059
removed some vestigial service/repository calls, closes #513
10 years ago
ecfb72bc50
additional JOSE class naming
10 years ago
522edda074
additional JOSE class renaming
10 years ago
cef6cf17b6
externalized a number of strings, closes #385
10 years ago
05f03f7c90
yet more year updates
10 years ago
994ce6c743
consistently named JOSE-based classes, closes #529
10 years ago
335d05bb5c
renamed data service abstract class
10 years ago
685960358c
formatting cleanup
10 years ago
e2349984b8
happy new year 2015!
10 years ago
d56aec5652
removed extraneous version tag for managed dependency
10 years ago
d88cc2ec8e
fixed pluralization of post logout URIs in data API services
10 years ago
cc02f8fbe8
pluralized post-logout redirect URI on client, closes #654
10 years ago
587d4b2db6
further pom file cleanup
10 years ago
377d8cb884
moved dependency version management to parent pom, closes #666
10 years ago
ef3a696972
removed getBySubject and getAll from user info repository and service layers, closes #760
10 years ago
63dd7c0b25
removed deprecated DefaultUserInfoUserDetailsService and corresponding test, closes #413
10 years ago
166c53cd6a
fixed comparison of client IDs in refresh token, closes #752
...
Also addresses #735 (again)
10 years ago
6c88d7c54b
removed old owner_id field, closes #636
10 years ago
ba97fcb88a
changed name of clientAuthorization to authorizationRequest (which is more accurate), closes #697
10 years ago
a1228d19b5
Changed lastWeek logic back to correct form, removed logic used for
...
testing.
10 years ago
Justin Richer