Justin Richer
|
9f13dc8f77
|
wrap errors in saving the client in an HTTP 400 (instead of HTTP 500) error
|
2013-09-13 14:22:42 -04:00 |
|
Justin Richer
|
9b72c6b1f3
|
check sector identifier URI's contents and match against redirect URIs, addresses #504
|
2013-09-13 14:22:24 -04:00 |
|
Justin Richer
|
1aa5fe25c6
|
re-decrypt request object at userinfo endpoint (this shouldn't need to happen)
|
2013-09-12 17:05:34 -04:00 |
|
Justin Richer
|
09cd752c86
|
added basic support for encrypted request objects, addresses #475
|
2013-09-12 17:05:12 -04:00 |
|
Justin Richer
|
a52f86db49
|
removed NYI tags from request object algorithm fields
|
2013-09-12 16:46:22 -04:00 |
|
Justin Richer
|
d09b3b50d6
|
call encode() instead of new() on Base64URL utility
|
2013-09-12 15:19:14 -04:00 |
|
Justin Richer
|
35bd9c8eda
|
throw appropriate errors from request factory
|
2013-09-12 14:48:54 -04:00 |
|
Justin Richer
|
e67a41c556
|
added transient passthroughs to JOSE algorithms for client
|
2013-09-12 14:08:37 -04:00 |
|
Justin Richer
|
c9aa42dbef
|
better processing for signed request objects
|
2013-09-12 13:56:10 -04:00 |
|
Justin Richer
|
f9ca15139d
|
added phone-number verified, addresses #505
affects #455
|
2013-09-12 10:19:14 -04:00 |
|
Justin Richer
|
6cbed133b2
|
let user know that the client is using a pairwise identifier on approval
|
2013-09-11 17:39:55 -04:00 |
|
Justin Richer
|
a9f639a718
|
moved subject type and sector identifier controls to the 'access' tab
|
2013-09-11 17:14:35 -04:00 |
|
Justin Richer
|
6b66139ead
|
added unit test for uuid service
|
2013-09-11 15:28:00 -04:00 |
|
Justin Richer
|
0281cf02fe
|
calculate pairwise based on redirect uri rather than client id
|
2013-09-11 14:37:17 -04:00 |
|
Justin Richer
|
f6a8ac4529
|
added unit test for default userinfo service (with pairwise checks)
|
2013-09-11 11:59:40 -04:00 |
|
Justin Richer
|
77c0473438
|
fixed comparison order to be null safe
cleaned up type check
|
2013-09-11 11:59:34 -04:00 |
|
Justin Richer
|
dbdc2e777d
|
added pairwise identifier service and repository
|
2013-09-10 17:15:58 -04:00 |
|
Justin Richer
|
bdf62eaa36
|
need to check the sector identifier at some point
|
2013-09-10 16:35:51 -04:00 |
|
Justin Richer
|
914f2e4d93
|
added new call to get the UserInfo in context with the requesting client to allow for pairwise identifiers.
temporary implementation of pairwise identifiers in place
|
2013-09-10 16:01:17 -04:00 |
|
Justin Richer
|
149fb1bac1
|
services shouldn't be transactional
|
2013-09-10 15:26:09 -04:00 |
|
Justin Richer
|
29d1c7d54a
|
userinfo endpoint now uses OAuth2Authentication exclusively
(which is all it was really doing before)
|
2013-09-10 14:16:34 -04:00 |
|
Justin Richer
|
ac42c00062
|
id token now uses userinfo's sub
|
2013-09-10 13:50:49 -04:00 |
|
Justin Richer
|
f139541485
|
added randomized subs to demo users
|
2013-09-10 13:48:37 -04:00 |
|
Justin Richer
|
b9da10d176
|
look up by username instead of subject
|
2013-09-10 11:39:00 -04:00 |
|
Justin Richer
|
9ea82aacf0
|
clean up unused getter/setter
|
2013-09-10 11:38:42 -04:00 |
|
Justin Richer
|
9720b60f05
|
allow loading of structured scopes from scopes.sql file (and temp tables)
|
2013-09-06 16:07:25 -04:00 |
|
Justin Richer
|
5e676e0e59
|
fixed scope UI
|
2013-09-06 16:07:25 -04:00 |
|
Justin Richer
|
2b663bb23c
|
UI for scope editing
|
2013-09-06 16:07:25 -04:00 |
|
Justin Richer
|
469e722f72
|
defer to system scope matcher in approval handler
|
2013-09-06 16:07:25 -04:00 |
|
Justin Richer
|
99ad9b883e
|
added validator that knows how to deal with structured scopes
|
2013-09-06 16:07:25 -04:00 |
|
Justin Richer
|
59187d47e4
|
use new unified parsing for approval page
|
2013-09-06 16:07:25 -04:00 |
|
Justin Richer
|
85533d50cf
|
scope comparison for TofuUserApprovalHandler
|
2013-09-06 16:07:25 -04:00 |
|
Justin Richer
|
1c4c53f252
|
scope comparison for introspection endpoint
|
2013-09-06 16:07:24 -04:00 |
|
Justin Richer
|
6152a943d8
|
serialize structured scopes properly (with tests)
|
2013-09-06 16:07:24 -04:00 |
|
Justin Richer
|
72f0ab631d
|
added transient structured value to system scope, added scope matcher function to scope service
|
2013-09-06 16:07:24 -04:00 |
|
Justin Richer
|
3fc34f15c8
|
added structured scope update to mysql (affects #455)
|
2013-09-06 16:07:24 -04:00 |
|
Josh Mandel
|
b416888b07
|
Structured Scopes from BB+
|
2013-09-06 16:07:24 -04:00 |
|
Justin Richer
|
127507246e
|
if the client doesn't ask for any system scopes, but asks for some non-system scopes, they'll now get the defaults instead of none
addresses #498
|
2013-09-06 13:30:22 -04:00 |
|
Justin Richer
|
64bbb73d1b
|
cleaned up CORS filter implementation
|
2013-09-03 16:01:19 -04:00 |
|
Justin Richer
|
6ff4ae1458
|
added CORS filter
|
2013-09-03 15:17:18 -04:00 |
|
Justin Richer
|
81cb60ad7b
|
made introspection and revocation work with basic auth (and possible OAuth tokens, but that needs more work)
|
2013-09-03 15:17:16 -04:00 |
|
Justin Richer
|
bdbff8d45c
|
tell spring to not stuff model into the redirects, partially addresses #492
|
2013-08-30 16:38:07 -04:00 |
|
Justin Richer
|
84f097edf4
|
removed outdated client credentials filter, addresses #491
|
2013-08-30 11:48:52 -04:00 |
|
Justin Richer
|
d7be122a21
|
added basic user profile view implementation
|
2013-08-29 17:33:42 -04:00 |
|
Justin Richer
|
55ea880396
|
hide admin panels from non-admin users, addresses #472
|
2013-08-29 17:15:13 -04:00 |
|
Justin Richer
|
235029ba0e
|
inject user's authorities into javascript context
|
2013-08-29 16:58:36 -04:00 |
|
Justin Richer
|
eab4563551
|
inject user's email address into contacts on dynamic registration
|
2013-08-29 16:58:24 -04:00 |
|
Justin Richer
|
be6179d1ac
|
inject the current user into the javascript context
|
2013-08-29 16:44:01 -04:00 |
|
Justin Richer
|
5c10eef8b7
|
added delete function
|
2013-08-29 14:18:54 -04:00 |
|
Justin Richer
|
d92b7c4810
|
changed display of core client components, added warning
|
2013-08-29 11:50:05 -04:00 |
|
Justin Richer
|
4009d9ea82
|
added create and update functions
|
2013-08-29 11:11:37 -04:00 |
|
Justin Richer
|
8e6da2b936
|
json view and form elements
|
2013-08-28 16:42:43 -04:00 |
|
Justin Richer
|
36151975c1
|
added client read and oauth token support for CRUD abilities
|
2013-08-28 15:32:18 -04:00 |
|
Justin Richer
|
ead99474be
|
fixed panels for client form
|
2013-08-28 14:38:03 -04:00 |
|
Justin Richer
|
fb66af2071
|
added form editor and control for newly-registered clients
|
2013-08-28 14:20:20 -04:00 |
|
Justin Richer
|
51973ea595
|
added dev page for self-service client registration
|
2013-08-28 14:17:30 -04:00 |
|
William Kim
|
2108311d65
|
Revert "refactored code to use the more generic JWT declaration."
This reverts commit e0b56bc72a.
|
2013-08-26 15:33:08 -04:00 |
|
William Kim
|
e0b56bc72a
|
refactored code to use the more generic JWT declaration.
|
2013-08-26 11:32:46 -04:00 |
|
Justin Richer
|
ca777f7dc4
|
proper null check for client's preferred signature method
|
2013-08-20 16:45:45 -04:00 |
|
William Kim
|
07bec462cc
|
added comment about why we can't use set intersection method.
|
2013-08-20 14:09:14 -04:00 |
|
William Kim
|
b89436d7b9
|
UserInfoView returning intersection of claims request parameter and request object claims in effect now.
|
2013-08-20 08:55:56 -04:00 |
|
Justin Richer
|
bd3d2a5cee
|
created crypto tab
|
2013-08-19 17:35:05 -04:00 |
|
Justin Richer
|
3f66d16236
|
removed NYI tag from ID token signing alg
|
2013-08-19 17:31:13 -04:00 |
|
Justin Richer
|
48a9202f79
|
fixed jquery.on regex to be less aggressive
|
2013-08-19 17:20:29 -04:00 |
|
Amanda Anganes
|
941e9544e2
|
Compare client_ids instead of Client objects
|
2013-08-19 16:55:56 -04:00 |
|
Amanda Anganes
|
3eae6f2789
|
Changed client algorithm check to look for null instead of JWSAlgorithm.NONE, which is a valid value.
|
2013-08-19 16:55:29 -04:00 |
|
Amanda Anganes
|
0059c7b4cc
|
Use clients preferred algorithm, if any, to sign
|
2013-08-19 16:33:18 -04:00 |
|
Justin Richer
|
2fb138aa19
|
fixed jquery.on syntax bug, addresses #346
|
2013-08-19 16:07:34 -04:00 |
|
Justin Richer
|
8edc8cc69a
|
Disable unsupported JOSE algorithms in UI, addresses #476
|
2013-08-19 15:52:00 -04:00 |
|
Justin Richer
|
8c91861188
|
load server configuration into JS app
|
2013-08-19 15:52:00 -04:00 |
|
Justin Richer
|
e40b1cf850
|
animated loading bar for management console
|
2013-08-19 15:52:00 -04:00 |
|
Justin Richer
|
a80c19384f
|
added 'use server default' to JOSE options, addresses #462
|
2013-08-19 15:52:00 -04:00 |
|
William Kim
|
b54f33d0db
|
fixed json elements of "claims" and "userinfo" being processed out of order.
|
2013-08-19 14:15:53 -04:00 |
|
William Kim
|
7b813c79ee
|
parsing "claims" parameter directly from userinfoendpoint requests.
|
2013-08-19 13:32:34 -04:00 |
|
William Kim
|
1ffbb39a2b
|
refactored json parser to a private static field.
|
2013-08-19 13:30:56 -04:00 |
|
William Kim
|
89056bd911
|
removed test-specific constructor and default constructor.
|
2013-08-19 13:30:56 -04:00 |
|
Justin Richer
|
ba0c3c5d78
|
id tokens always expire, addresses #416
|
2013-08-19 12:42:37 -04:00 |
|
William Kim
|
7e51a361ba
|
changed to using relative em lengths instead of hard px length values for token timeout form elements.
|
2013-08-15 16:19:47 -04:00 |
|
Justin Richer
|
c1ee5141a4
|
added back default timeouts and fixed refresh token check
|
2013-08-15 15:50:36 -04:00 |
|
William Kim
|
00db39dab9
|
addresses issue #471. setting default timeout values in the backbone model to null.
|
2013-08-15 15:29:16 -04:00 |
|
Justin Richer
|
1b674b6420
|
restored bootstrap to out-of-the-box formatting, addresses #454
|
2013-08-15 14:50:18 -04:00 |
|
William Kim
|
a6bb56ed9a
|
unit select box appropriately disabled after saving now.
|
2013-08-15 14:03:25 -04:00 |
|
William Kim
|
86c6a0ea8b
|
clear token timeout form fields when disabled and also disable unit selector.
|
2013-08-15 13:09:53 -04:00 |
|
William Kim
|
3f01ae1a71
|
renamed token expiration form field ids from -seconds to -time.
|
2013-08-15 11:13:29 -04:00 |
|
William Kim
|
2242db5c11
|
shortened token timeout form fields.
|
2013-08-15 11:13:29 -04:00 |
|
William Kim
|
6f8143937e
|
dropdown time unit chooser added for token expiration.
|
2013-08-15 11:13:29 -04:00 |
|
William Kim
|
7ab53795b1
|
refactor js. getFormTokenValue() -> getFormTokenNumberValue().
|
2013-08-15 11:13:29 -04:00 |
|
Justin Richer
|
7d51335055
|
added prompt=login support, addresses #323
|
2013-08-14 17:00:56 -04:00 |
|
Justin Richer
|
a0646452ab
|
test for max_age, force login if not fresh enough, addresses #467
|
2013-08-14 16:50:51 -04:00 |
|
Justin Richer
|
6c1e91b7e3
|
auth_time is now tracked, addresses #288
|
2013-08-14 15:39:41 -04:00 |
|
Amanda Anganes
|
e88c6c4943
|
Changed predicates methods to use Collections2.filter rather than Sets.filter
|
2013-08-13 10:31:39 -04:00 |
|
William Kim
|
f1357cceb4
|
corrected output for badly-formatted timeout date.
|
2013-08-12 16:20:42 -04:00 |
|
William Kim
|
025eb05d3a
|
added date format validity check for moment.js usage.
|
2013-08-12 16:15:06 -04:00 |
|
William Kim
|
c1607b53e4
|
null-checking in date display for approved sites.
|
2013-08-12 15:52:30 -04:00 |
|
William Kim
|
d67a492b6c
|
date display logic to use moment.js.
|
2013-08-12 15:03:46 -04:00 |
|
William Kim
|
ba7e791985
|
initial moment time formatting commit.
|
2013-08-12 12:15:47 -04:00 |
|
William Kim
|
a72ba6d98b
|
importing moment.js library.
|
2013-08-12 11:23:43 -04:00 |
|
William Kim
|
6687e3a831
|
override createOAuth2Request method for factory iss #465.
|
2013-08-09 13:03:46 -04:00 |
|
Amanda Anganes
|
ef4482249c
|
Dyn-reg endpoint now creates the registration access token from scratch instead of calling token services; token services no longer needs to check for RAT scope to avoid expiring RATs
|
2013-08-09 11:49:11 -04:00 |
|
Justin Richer
|
15e512cec3
|
renamed JWSUtils -> IdTokenHashUtils, renamed internal variables
|
2013-08-08 14:34:19 -04:00 |