9662f3e8b3
switched access token to using converter instead of dummy field
10 years ago
9ba1a78d09
removed binary objects from data API importers, removed binary object JSON utility entirely
10 years ago
c974267cde
return prompt=none error to client, closes #667
10 years ago
cbf6316050
cleaned up logic on user info interceptor to fix detection of redirects
10 years ago
fe6d2f8a6e
updated and expanded unit tests to account for new data layer
10 years ago
d5a08d4996
cleaned up vestigial service component, to be fixed (maybe) in #825
10 years ago
d9e03b769b
fixed auth holder reference handling, import/export works now
10 years ago
3d1aee77b4
updated 1.2 import to reflect new objects
10 years ago
441b19f0c5
fixed data export to comply with new auth holder
10 years ago
a7905c9f82
only save strings in the Extensions map
10 years ago
cb8abca0f6
removed embedded JOSE classes in favor of converters
10 years ago
6be2b4f65e
added ES* and PS* support for signed objects
10 years ago
04dc037f9e
fixed unit tests to account for refresh token rotation
10 years ago
aeed2fa003
issue new refresh tokens for clients who are configured for it, closes #408
10 years ago
31d5e3ad0e
echo back requested scopes in error thrown by validator, closes #708
10 years ago
52b1bda8d8
version match and cleanup
10 years ago
24a464e142
put in a dummy resource set service so that introspection can pass through
10 years ago
a2edb31753
moved UMA server to its own module
10 years ago
7188a06488
added deletion functionality to UI
10 years ago
43a432eb9a
removed extraneous TODO
10 years ago
ed7799b54a
make RPTs optionally expire, closes #794
10 years ago
e0cdeb3571
inject uma token service
10 years ago
fc64dcc9b9
discovery endpoint cleanup
10 years ago
f4f08d9449
RPT endpoint cleanup
10 years ago
1f083c7acb
extracted RPT generation component to new token service class, closes #797
10 years ago
0ea06f01b8
moved claims processor to the right package
10 years ago
53d4f15923
shuffle authz endpoint
10 years ago
7951ff5086
separated claims processing out into its own service, closes #796
10 years ago
8d5c7d6226
fixed some rogue documentation
10 years ago
afad3a720b
Merge branch 'master' into uma
...
* master:
added strict URI matching option to redirect resolver (off by default)
10 years ago
e155cdc282
added strict URI matching option to redirect resolver (off by default)
10 years ago
06f7dc984d
switched to view constants
10 years ago
d6dfa89533
check client information on delete of resource set
10 years ago
7273b0a5b7
fixed discovery endpoint information, closes #805
10 years ago
eb49d9624c
inject claims from OIDC auth token into permission ticket
10 years ago
98cd5ba27d
added save to permission ticket system
10 years ago
08413302eb
configured OIDC client on claims collection endpoint
10 years ago
f48049be4d
deny tickets with no claims required (closes a race condition)
10 years ago
dc10779abb
removed extraneous issuer in discovery endpoint, closes #793
10 years ago
a38a0b6f75
removed extraneous bob
10 years ago
6e095e3266
can now add and remove email address claims from the UI
10 years ago
687517d7f4
Merge branch 'master' into claims-editing-ui
10 years ago
d015d17fad
search for local users first (by email), then check remote users
10 years ago
348ff7ee17
made webfinger endpoint search by email address, then by username
10 years ago
5aa5cc1a10
added search by email to user info data stack
10 years ago
e89d8cd985
added webfinger lookup helper service
10 years ago
394785b9c4
don't give resource sets default client scopes
10 years ago
7af19dbd61
added copyright text
10 years ago
3e931c68b4
added policy editing overview page
10 years ago
5698393d31
created claims API
10 years ago
bde03411f1
Merge branch 'master' into uma
10 years ago
006a4d1ec6
fixed import function of 1.2 data service
10 years ago
6f149cba69
Merge branch 'master' into uma
10 years ago
30e894a64a
put 'kid' into JWS header, closes #784
10 years ago
866186f611
pointed data API at the correct service version
10 years ago
6daeeefb33
augmented introspection unit tests with one for new permissions mode
10 years ago
9f913244a0
fixed unit tests for introspection results
10 years ago
7df31f1e87
completed rudimentary UMA authorization API.
...
Working: resource set registration, permission ticket creation, RPT creation from ticket
Still missing: adding required claims to resource set, adding provided claims to permission ticket
10 years ago
1be9da52c6
separated ticket object from permission object to facilitate re-use of permission object with tokens
10 years ago
f123366069
added scope filtering to protection api
10 years ago
ff958e20b6
basic authorization support
10 years ago
098519da5e
added OAuth2 error reporting to permission and resource set endpoints
10 years ago
2aadb09f49
started claims service, added expiration to permissions
10 years ago
c234f78dbd
Merge branch 'master' into authorization-api
10 years ago
5873b336f2
fixed erroneous import
10 years ago
8352145d82
Merge branch 'master' into authorization-api
...
Conflicts:
openid-connect-common/src/main/java/org/mitre/oauth2/service/SystemScopeService.java
openid-connect-server-webapp/src/main/webapp/WEB-INF/application-context.xml
openid-connect-server/src/main/java/org/mitre/discovery/web/DiscoveryEndpoint.java
openid-connect-server/src/main/java/org/mitre/oauth2/web/IntrospectionEndpoint.java
openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java
openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultIntrospectionAuthorizer.java
10 years ago
ba51df0c37
consolidated client credential filter beans
...
(note: imports magic from secoauth)
10 years ago
4f12fab56b
made unused auth codes expired (they're still single-use), refactored auth code service layer
10 years ago
2abcd96bbe
set fallback locale to English, ultimate fall through is to return the code string itself
10 years ago
285ad71874
made input reader use UTF8, imported the first set of Swedish text to the JSON format
10 years ago
80605becf1
rudimentary json-based message source
10 years ago
e1fb8272cc
redirect error on prompt=none, addresses #667
10 years ago
ad9b49733f
externalized queries for scopes, blacklists, user info, pairwise identifiers, and whitelists, closes #771 even harder
10 years ago
15b97b1dcb
Externalized strings for named queries on auth holders, auth codes, clients, and tokens, closes #771
10 years ago
61a596dc15
externalized strings from user info views
10 years ago
86e95d9e6e
externalized json entity and error parameters, closes #770
10 years ago
e56161e223
extracted http "code" view parameter
10 years ago
1735dbca11
extracted controller URLs to constants, closes #769
10 years ago
617d485478
updated all references to media types to use constants instead of literals, closes #767
10 years ago
c777ebfac9
added universal OAuth exception handling
10 years ago
76b7324d88
fixed execution order of introspection endpoint
10 years ago
8c8f912880
fixed endpoint processing to account for client id
10 years ago
ee522100b9
Merge branch 'master' into uma-introspection
...
* master:
fixed logger variable name
made logger declarations consistent across project, closes #780
Fixed logger
null safe
removed DateUtil
added icons to scope editing panel
10 years ago
5d35f2c1a6
toned down errors on introspection endpoint
10 years ago
65d7b00f4d
added uma-processing of scopes to introspection results
10 years ago
627bcaee43
added client_id to resource sets
10 years ago
e5e4c15058
removed introspection authorizer hook
10 years ago
2a6a17486a
added initial uma discovery endpoint
10 years ago
621399545e
cleaned up introspection endpoint processing
10 years ago
764df71758
refactored introspection to allow for UMA style token access
10 years ago
1da5c2cd84
fixed imports
10 years ago
c7f6811961
refactored scope enforcement utilities to a separate authentication class
10 years ago
48b857eb85
fixed logger variable name
10 years ago
c09b63c69f
made logger declarations consistent across project, closes #780
10 years ago
849a2b3271
Fixed logger
10 years ago
020b410ffe
null safe
10 years ago
db2574ab53
removed DateUtil
10 years ago
f266d3b151
added unit test for resource set service to make sure it catches error conditions
10 years ago
35f2a03b4e
added unit test for permission service
10 years ago
e59e988809
made permission service enforce scoping
10 years ago
5ff9cd1bbb
implemented permission registration API
10 years ago
eed8fb0b28
created skeleton of permission registration API
10 years ago
c41488b103
moved an uma package to common, extracted OAuth scope enforcement utility
10 years ago
5be7d64c7d
moved all uma files to their own package
10 years ago
0d96b6a28a
changed name of scope to match uma spec
10 years ago
7a1480bb07
moved and consolidated json utilities
10 years ago
40fc70894e
fixed oauth scope check
10 years ago
4878e88d4f
added list all by owner
10 years ago
8d22ad03e2
implemented remove verb
10 years ago
89114dcf74
implemented update
10 years ago
ad228e8953
send the _id as a string
10 years ago
3b6412219b
added abbreviated view, updated OAuth error handling, fixed URL mapping
10 years ago
0b480bac10
implemented get
10 years ago
3076da1ed8
functioning resource set repository layer
10 years ago
efeead52b6
fixed typos in data layer, added blank service layer to resource set
10 years ago
e7bf75e9a4
moved and consolidated json utilities
10 years ago
90a7304b4e
resource set registration endpoint and service shells
10 years ago
b670f44138
added UMA to version number
10 years ago
720b73939f
fixed token service logic, added verification to unit tests
10 years ago
97ae456099
fixed unit tests affected by scope service changes
10 years ago
6885713eed
added warning suppression for data layer -- non-templated generic types have to be used here
10 years ago
f4813fccee
fixed log messages on data services
10 years ago
4ae981f484
updated data layer and unit tests
10 years ago
593fac83cf
scopes can now be set as "restricted" instead of needing to be set "allowDynReg", closes #747
10 years ago
1caf5ef8bc
removed call to deprecated http components constructor
10 years ago
b376bc6059
removed some vestigial service/repository calls, closes #513
10 years ago
ecfb72bc50
additional JOSE class naming
10 years ago
522edda074
additional JOSE class renaming
10 years ago
cef6cf17b6
externalized a number of strings, closes #385
10 years ago
05f03f7c90
yet more year updates
10 years ago
994ce6c743
consistently named JOSE-based classes, closes #529
10 years ago
335d05bb5c
renamed data service abstract class
10 years ago
685960358c
formatting cleanup
10 years ago
e2349984b8
happy new year 2015!
10 years ago
d56aec5652
removed extraneous version tag for managed dependency
10 years ago
d88cc2ec8e
fixed pluralization of post logout URIs in data API services
10 years ago
cc02f8fbe8
pluralized post-logout redirect URI on client, closes #654
10 years ago
587d4b2db6
further pom file cleanup
10 years ago
377d8cb884
moved dependency version management to parent pom, closes #666
10 years ago
ef3a696972
removed getBySubject and getAll from user info repository and service layers, closes #760
10 years ago
63dd7c0b25
removed deprecated DefaultUserInfoUserDetailsService and corresponding test, closes #413
10 years ago
166c53cd6a
fixed comparison of client IDs in refresh token, closes #752
...
Also addresses #735 (again)
10 years ago
6c88d7c54b
removed old owner_id field, closes #636
10 years ago
ba97fcb88a
changed name of clientAuthorization to authorizationRequest (which is more accurate), closes #697
10 years ago
a1228d19b5
Changed lastWeek logic back to correct form, removed logic used for
...
testing.
10 years ago
e9d764e53e
added support for login_hint, closes #250
10 years ago
3e7ade9a67
fixed unit tests
10 years ago
1a2ca25359
relaxed scope constraints on protected resources registered through self-service page
10 years ago
e371ad345f
fixed checking of refresh token permissions in client service, clients can now request either refresh_token grant type or offline_access scope and it will work. added checkbox to dynreg page for ease-of-use
...
closes #734
10 years ago
56344fa12b
make sure that client presenting refresh token is the same client the refresh token was issued to
...
closes #735
10 years ago
0e776762c2
set up data API for 1.2 format (currently the same as 1.1 format)
10 years ago
b14dfa6458
approval page defaults to "ask again" when prompt=consent is passed, closes #669
10 years ago
775b77b367
updated date format of token introspection response, closes #719
10 years ago
c600787f1c
added key id to id token, closes #725
10 years ago
d87bdb2120
added ROLE_CLIENT to assertion client authentication, cleaned up roles on client secret authentication, closes #728 , closes #401
10 years ago
e6d10b67a4
update to Spring 4 and other related libraries
10 years ago
9dfac35912
Introduce introspection result assembler to allow for customized introspection results
10 years ago
d557b1e2c2
RefreshToken to AuthHolder linkage test now using AuthHolder ID to verify
10 years ago
ff436a6738
Added tests for ensuring the references between a refresh token and its authentication holder are preserved over import. Minor cleanup of other tests.
10 years ago
d18d325c0c
Better method of creating test AuthenticationHolderEntity, added some more testing to testImport/ExportGrants
...
Conflicts:
openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_1.java
10 years ago
ff28e1a383
Added new data service tests, separated date parsing/formatting utilities into DateUtil class
...
Conflicts:
openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_0.java
openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_X.java
openid-connect-server/src/main/java/org/mitre/openid/connect/util/DateUtil.java
10 years ago
188818dc0d
added null check to confirmation controller, closes #684
10 years ago
db052f11ca
Moved development branch to 1.2
10 years ago
134909a82f
import cleanup
10 years ago
1e71749c23
added more generic rotation capability
10 years ago
0b8dbc4f68
added registration token API
10 years ago
13cee6bf06
Ported date format changes from 1.0.x
10 years ago
98ace5c9fb
Separated date formatting and parsing functions to DateUtil class. Modified how timezone is printed to workaround Java date formatting issue.
...
Conflicts:
openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_0.java
10 years ago
1fbdd240f1
made binary encode/decode null safe
10 years ago
a8377513a6
Fixed reading/writing of approved access tokens
10 years ago
0320bae15c
Fixed netbeans copyright weirdness
10 years ago
dcf66fadc4
Added support for 1.1 config import/export, and separated common functions into 1_X abstract class
10 years ago
ad841a03df
Added support for whitelisted and blacklisted site export
10 years ago
8495617aed
Added support for whitelisted and blacklisted site import from a 1.0 config
10 years ago
16f15cc3c8
NPE fix
10 years ago
6333b1e4b1
Re-enabled reading of system scopes. Added 1.1 data export functionality
10 years ago
d5551e9692
Added services for data import/export and modified JpaAuthenticationHolderEntity and Repository to allow getting all objects
10 years ago
c683131f12
externalized view name strings and tied them to view beans
10 years ago
9e88a62479
moved the API endpoints, made resource tokens accessible too
10 years ago
6d80a00d65
import cleanup
10 years ago
81634e6165
added API for getting tokens by clientid
10 years ago
dee78c130c
fixed missing null check in request object parser
10 years ago
e0b84069d4
Update to latest spring-security-oauth2 module
10 years ago
6f2f807b0b
[maven-release-plugin] prepare for next development iteration
10 years ago
93ae1516a5
[maven-release-plugin] prepare release mitreid-connect-1.1.9
10 years ago
39c50b76f4
added null checks to endpoint auth method switches, closes #652
10 years ago
8768188133
makes the grant types checker softer, closes #640
11 years ago
9666404d54
added "none" to discovery endpoint
11 years ago
7476edb310
added unsigned ID token support to server
11 years ago
538c4031bb
added in better default checks for content negotiation
11 years ago
078bf5e464
combine HTTP content negotiation with client preferences for user info endpoint
11 years ago
1de2a61176
made accept header optional for user info request
11 years ago
04acc21eea
removed injection of admin email address from client API, will happen browser-side now
11 years ago
adf477c64e
[maven-release-plugin] prepare for next development iteration
11 years ago
8d97ed61ec
[maven-release-plugin] prepare release mitreid-connect-1.1.8
11 years ago
5773fe195b
set proper content type on user info JWT response
11 years ago
5f97ce0ca1
fixed error code string
11 years ago
6589cd717d
disallow fragments in redirect uris for dynamic clients, closes #622
11 years ago
4e52543091
more properly respond to some client registration errors
11 years ago
c493f438e7
applied token rotation to protected resources
11 years ago
f4edd3164f
made timeout field optional, tokens don't expire in the default case
11 years ago
4e09ec687b
Registration Token regeneration - when they are beyond their lifetime
...
(in read/update calls)
11 years ago
ed3e6a2814
https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/issues/431 :
...
Generating a new registration access token on read/update call and
revoking the token issued earlier.
11 years ago
a106121af3
created blacklist aware redirect resolver and wired it in, closes #549
11 years ago
a97f3e2d65
don't throw away creation time on protected resource update (oops)
11 years ago
e0fe22e4ba
don't regenerate client secrets every single time
11 years ago
53148f2c87
better auth method checking in dynamic registration and resource registration
11 years ago
f15b4a0f74
resource registration returned the wrong URL
11 years ago
47cc005fe5
more sanity checking for client secrets
11 years ago
cac645484f
client API now generates client secret only for clients that require a client secret
11 years ago
52e53ba219
extracted validation exception, refactored protected resource registration endpoint to use this format
11 years ago
b7a8bbdddc
cleanup, error wrappers on protected resource registration
11 years ago
deaccf437e
refactored dynamic registration endpoint's checks for client consistency
11 years ago
04f7a698ea
added response type consistency checking, closes #430
11 years ago
32101ff7b2
added parsing checks, fixed inverted logic, cleaned up redundant settings, closes #597
11 years ago
ab083c0963
added checks to dynamic registration endpoint that disallow registration of multiple incompatible grant types
11 years ago
cdd23df7ee
token introspection now returns user "sub" when available in addition to "user_id", closes #507 (might cause incompatibility problems)
11 years ago
85acfa90db
[maven-release-plugin] prepare for next development iteration
11 years ago
d5e4cb45a2
[maven-release-plugin] prepare release mitreid-connect-1.1.7
11 years ago
8861220632
stats on home page are now loaded in the background (makes main site load much faster)
11 years ago
3e4aae6c8a
hash tests now pass on Java8
11 years ago
dfdc4ed52d
fixed information leaks from approved site API
11 years ago
a84c10fc1c
Change copyright from Netcetera to MITRE/MIT-KIT.
11 years ago
2797731597
fixed unit test to account for cascading tokens
11 years ago
d2c83104fb
cascade token saves
11 years ago
7f8cbcea39
Use return value from TokenEnhancer.enhance
11 years ago
be98b9cd0b
[maven-release-plugin] prepare for next development iteration
11 years ago
8320f0eefe
[maven-release-plugin] prepare release mitreid-connect-1.1.6
11 years ago
0c8cacd59a
added missing copyright headers
11 years ago
525f3aa2a8
Cleaned up indentation, whitespace, and imports.
11 years ago
8185171119
minor clean up
11 years ago
5ab516de48
prevent clients from registering with special resource scope
11 years ago
c34357a433
added resource registration endpoint with basic functionality and specialized tokens
11 years ago
960319b796
improved logging configuration, removed transactional from service
11 years ago
85fd4e71ce
typo in error message
11 years ago
2af51dc77a
better URI check for prompt filter short circuit
11 years ago
f4a1a2acff
fixed prompt filter coding error
11 years ago
89d55e3d33
added support for default max auth age and require auth time, made prompt filter only work on authorization endpoint
11 years ago
5c6e75bd53
cleaned up UI for client editing
11 years ago
05e9624ae3
added support for encrypted and symmetrically signed id tokens and user info responses
11 years ago
ffe1b29906
Added Signed JWT support to UserInfo endpoint response, closes #593
11 years ago
e4d5f4a540
added system wide cache for all symmetric validators, closes # 557
11 years ago
ca333d256b
Appropriately catch runtime exceptions in all guava caches, closes #603
11 years ago
df9c9747ce
more reasonable check for whether or not a user auth is present, addresses #602
11 years ago
4e890a4d7d
enforce clients using a redirect flow have at least one redirect uri registered when using dynamic registration, made error handling more consistent across all APIs
...
closes #596
11 years ago
a225b00920
added null check and permissions check to ID token generation, closes #602
11 years ago
880014176f
[maven-release-plugin] prepare for next development iteration
11 years ago
ca8a003e3d
[maven-release-plugin] prepare release mitreid-connect-1.1.5
11 years ago
dcf36234c4
moved CSRF generator to request parser instead of confirmation controller
11 years ago
a253ebc908
added CSRF protection to approval page
11 years ago
Justin Richer