155974d8e3
moved services and api over to using new client Id field (instead of client_id)
2012-08-10 16:53:31 -04:00
eb5a24690f
added method to get client by its (new) Long id
2012-08-10 16:29:16 -04:00
bb7d6b2e94
split scopes table
2012-08-10 14:26:47 -04:00
170036e0b8
Added expiration to id tokens
2012-08-09 12:44:22 -04:00
49cb8bd0cb
fixing bugs; needed to make all ids BIGINT AUTO-INCREMENT PRIMARY KEY in sql files
2012-08-09 12:44:21 -04:00
d7deda1699
Propogated AuthenticationHolder effects; this is untested but compiles and I think it is mostly correct
2012-08-09 12:44:21 -04:00
90df91c351
Added AuthenticationHolder object, got references squared away for AccessToken side. Compiles.
2012-08-09 12:44:21 -04:00
cf348590b0
Removed unused ClientGeneratorFactory
2012-08-09 12:44:21 -04:00
d6d80c3e60
Gave OAuth2RefreshTokenEntity a Long Id
2012-08-09 12:44:21 -04:00
6b1dad7215
Gave OAuth2AccessTokenEntity a Long Id
2012-08-09 12:44:21 -04:00
780839dbf9
Made things compile after ClientDetailsEntity refactoring
2012-08-09 12:44:21 -04:00
09e528e113
added discovery info for x509 and client auth
2012-08-07 17:30:36 -04:00
8d4e046408
All logging is now org.slf4j. We had a mix of org.slf4j and apache commons-logging. Added error logging to all view which throw errors.
2012-08-07 10:04:38 -04:00
a061e64abf
Merge branch 'user-approval-handler-updated-rebase'
2012-08-06 16:30:03 -04:00
32dc92119f
Cleanup completed, this works for the most part. TODO: need to make an upstream change in order to inject a new set of scopes into the AuthorizationRequest.
2012-08-06 16:29:22 -04:00
5fb67ab7bb
Did a lot of cleanup; untested but compiles
2012-08-06 14:33:16 -04:00
ae44bd5e0c
Works; about to do some cleanup
2012-08-06 13:40:27 -04:00
2f28cf33e7
Changed UserInfo refs in WhitelistedSite to String ids; updated the user approval handler to check if "remember this decision" is checked and only make a new AP if so, and to pull in the scopes selected on the approval page as the saved allowed scopes for that AP.
2012-08-03 16:43:37 -04:00
b87d54b06e
Changed UserInfo references to String "userId" references
2012-08-03 13:32:17 -04:00
845976b8ac
First stages of getting the graylist portion to work. Currently no mechanism for telling the system NOT to remember your decision; that will come later. All approvals will be automatically stored with this code.
2012-08-03 12:49:40 -04:00
9a7e40fee7
moved all bean definitions to annotations, removed orphaned CheckID view
2012-08-02 12:46:35 -04:00
1508369548
now with Walsh-flavored certificate generation
2012-08-01 18:04:26 -04:00
61a8d4a787
x509 take -- bouncycastley version
2012-08-01 17:19:33 -04:00
db415bfa2b
Working on user approval handler
2012-07-31 14:50:24 -04:00
a223565364
updating user approval handler
2012-07-31 14:50:24 -04:00
4e10fce7ef
Implementing user approval handler; made some modifications to ApprovedSite and WhitelistedSite models, repositories, and service layers.
2012-07-31 14:50:24 -04:00
7c33e19950
Changed authorization endpoint to /authorize rather than /auth; updated SWD entry. Also removed checkid entry from SWD.
2012-07-31 14:39:27 -04:00
3982561a5b
Removing "throws exception" from views. Addresses issue #70
2012-07-31 12:28:46 -04:00
1b5f99efec
added .json mapping to SWD
2012-07-31 10:42:42 -04:00
02da9fceed
fixed imports
2012-07-31 09:16:05 -04:00
d07667576e
cleaned up old code
2012-07-30 16:50:44 -04:00
40f39a18e0
cleaning up introspection endpoint
2012-07-30 16:50:44 -04:00
e7449901a6
Removed IdTokenGeneratorService. Addresses issue #75
2012-07-30 16:46:20 -04:00
7a3ae5a757
Merge remote branch 'origin/master'
2012-07-10 17:00:30 -04:00
30addb5439
Redirect URI now displayed on approval page.
2012-07-10 16:54:55 -04:00
9f16f309bd
updated userinfouserdetailsservice to use username instead of userid -- this should actually be a wrapper class though
2012-07-10 16:44:29 -04:00
b0a7ebd9b1
fixed JWK algorithm display
2012-07-10 14:57:12 -04:00
5657bc8f28
updated configuration, confirmed works pending SECOAUTH-299
2012-07-09 11:25:45 -04:00
01793ec57f
added preferred_username claim to userinfo endpoint
2012-07-06 16:02:11 -04:00
50241e4da1
changed UserInfo.verified to UserInfo.emailVerified.
2012-07-06 14:11:43 -04:00
dbd563f3f2
attempting to allow make use of SPEL
2012-07-05 18:21:52 -04:00
f0c949fd09
added scope-based filter for userinfo
2012-07-05 17:14:51 -04:00
5c1b07ae65
don't overwrite an existing JWT nonce
2012-06-28 17:04:21 -04:00
de1597b214
refresh token handling fixed, removed token factory references
2012-06-28 16:55:11 -04:00
4e3c99abe4
Merge branch 'validityIntegers'
2012-06-26 13:55:26 -04:00
81d1af40bd
Updated our ClientDetailsEntity *TokenTimeout fields to be *ValiditySeconds, which are now typed as proper Integers in the SECOAUTH ClientDetails interface
2012-06-26 13:54:01 -04:00
1127a7cfbc
refactored JWKs, updated signing servier to use them
2012-06-25 17:19:25 -04:00
adb8499bee
merged derryberry code, plus tweaks, still WIP
2012-06-25 16:42:41 -04:00
b94fbd7439
updated -common and -client code by removing throws exception, changing to rest templates, and updating test cases to use annotations
2012-06-20 09:36:55 -04:00
fe3bbfb3d5
Further cleanups. Still missing:
...
- All tests extend TestCase, should use annotations instead
- Several elements throw Exception
- Key Fetchers should use RESTTemplates and be in a separate utility set
2012-06-15 17:11:58 -04:00
b86abdd761
merge from pull request, plus cleanup
2012-06-15 15:36:14 -04:00
731ad2e2e2
updated SECOAUTH reference, fixed some SQL files, temporarily closed token timeout issue
2012-06-15 12:05:08 -04:00
ace5dd1f1e
imported userinfouserdetails filter from MITRE codebase
2012-06-13 16:33:55 -04:00
65dc3daaf8
smart client
2012-06-12 16:09:01 -04:00
bbf9591c92
Merge branch 'master' into issue52
...
Conflicts:
openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java
openid-connect-server/src/main/webapp/WEB-INF/spring-servlet.xml
openid-connect-server/src/main/webapp/WEB-INF/views/oauth/approve.jsp
2012-06-11 15:04:01 -04:00
7a207dc162
Merge branch 'discoveryupdate'
2012-06-05 16:37:04 -04:00
7df2663e00
added final slashification of configuration URLs
2012-06-05 16:36:11 -04:00
fbdccdb78e
added Xrd support ( fixes #63 ), updated configuration locations ( fixes #47 )
2012-06-05 16:32:49 -04:00
e44697cef9
updated JWK display to latest, closes #58
2012-06-05 16:07:19 -04:00
5c72d8b95f
revocation endpoint cleanup, still needs views
2012-06-05 11:24:11 -04:00
27219c066d
refactored our service to reflect upstream
2012-06-05 10:18:26 -04:00
e95528a08d
added implementation to stub to read an access token by value
2012-06-05 10:11:24 -04:00
424f8bb737
Refactored to use TokenEnhancer rather than a custom TokenGranter.
2012-05-30 16:14:00 -04:00
8917e75010
see issue #19
2012-05-30 15:14:15 -04:00
16aa0c59b5
Added token enhancer. Now to plug it in.
2012-05-30 12:31:12 -04:00
2070d2e413
Updated to use AuthorizationRequestFactory rather than ClientCredentialsChecker.
2012-05-30 12:08:08 -04:00
ce847dd4f7
updated poco user view to contain name
2012-05-24 15:57:34 -04:00
c418ccabb1
Merge branch 'master' into userInfoEndpoint
2012-05-24 13:06:29 -04:00
1bff5ef19f
Added POCO view, Added UnknownUserInfoScheamException runtime exception
2012-05-24 11:00:49 -04:00
5c544dfe7c
Merge branch 'master' into userInfoEndpoint
2012-05-23 13:43:32 -04:00
7d4d65c359
Merge branch 'userinfo_integration'
2012-05-23 13:39:03 -04:00
a8e9f1d2cd
fixed rendering issues with user info view
2012-05-23 13:36:53 -04:00
9612fde10e
Check for null address, and added email
2012-05-23 13:35:05 -04:00
08958d4137
Merge remote-tracking branch 'remotes/steve/userInfoEndpoint' into userinfo_integration
2012-05-23 13:11:40 -04:00
06fadb5f2b
oauth provider configuration started
2012-05-23 12:55:21 -04:00
9b03831d4e
Filled in the UserInfoEndpoint, and added the JSON view for userInfo (openIdSchema)
2012-05-22 16:56:22 -04:00
e5312b4c99
Client secret now editable and dynamically generated if not present
2012-05-22 14:36:40 -04:00
51fe98b383
ClientAPI now sets owner for clients
2012-05-18 14:23:19 -04:00
2d980a4d8f
Refactoring of routing. Client updates
2012-05-17 16:33:22 -04:00
b06640c921
First stages of client-side validation worked into application
2012-05-16 17:22:25 -04:00
3402a3e463
ClientAPI now fully supports RESTful DELETE
2012-05-16 14:32:40 -04:00
7f5b9e2c82
ClientAPI now supports DELETE method
2012-05-16 14:03:49 -04:00
af6e043239
Client Entity now initialized with non-null values so JPA won't flip. Added unified method for saving. Sync'd class member names to allow proper binding.
2012-05-16 13:27:53 -04:00
0c7ea88323
Client updates.
2012-05-15 17:03:17 -04:00
0f9b828066
ClientAPI admin requirement now global
2012-05-15 14:10:12 -04:00
32e67730d8
ClientAPI maps to individual clients by IDs
2012-05-15 13:41:27 -04:00
6b481cd3bb
ClientAPI header updates
2012-05-15 13:09:16 -04:00
a4fc4e939e
ClientAPI cleanup
2012-05-15 12:41:41 -04:00
fd91c884bb
Made interfaces... deleted a thing.
2012-05-10 17:45:10 -04:00
e33f277bbe
Updated classes to track newest version of SECOAUTH. This update closes issues #3 , #4 , #8 , and #36 (infinite redirects). This revision changes the authorization and token endpoints to be /openidconnect/auth and /openidconnect/token, respectively.
2012-05-09 15:16:56 -04:00
c8e3f70115
Now requiring homepage login
2012-05-08 14:09:24 -04:00
7dd81ac2de
Server-side dynamics
2012-05-08 13:53:21 -04:00
23fd7b1b21
Renaming Client View class
2012-05-08 11:20:40 -04:00
eda7505b7b
Client API now renders JSON for all Clients
2012-05-08 11:16:45 -04:00
97dffb6414
added copyright to all java files. closes #11
2012-04-27 17:55:58 -04:00
6724866099
moved jwt components, utilities, and various interfaces to -common from -server
2012-04-27 15:20:49 -04:00
59ecb03548
added getter/setter for userinforepository, closes #40
2012-04-27 15:11:25 -04:00
6899a16c2f
Merge branch 'Really_fixing_redirects'
2012-04-16 12:39:06 -04:00
05b2cf8fff
removed vestigial user details code
2012-04-16 12:02:24 -04:00
f0f339d45f
current state
2012-04-16 11:05:36 -04:00
2fc4ce177c
This commit fixes the infinite redirect, somewhat. See updated issue #8 .
2012-04-11 15:55:19 -04:00
486b7723d3
Merge branch 'master' of github.com:jricher/OpenID-Connect-Java-Spring-Server
2012-04-10 13:45:26 -04:00
269a354f8c
Added tables.sql, which is just a concatenation of all the other sql files. Added redirect_uris.sql, which is a NEW table needed to support clients registering multiple redirect uris.
...
This updates us to the HEAD revision of SECOAUTH, where the redirect uri field on ClientDetails has been updated to be a Set<String> instead of a single string. I updated the UI code so that it will still work, but it will need to be updated to allow users to register multiple uris.
This also closes issue #2 from the issue tracker.
2012-04-10 13:44:10 -04:00
d056079fea
Support for ECDSA JWT signer was removed as it would require the system-wide installation and configuration of the Bouncy Castle Security Provider in order for the server to work when deployed to Tomcat. See issue ticket #20
2012-04-10 13:41:18 -04:00
6c8661f3ad
the signature base created in the verify method of the AbstractJwtSigner did not match how the Jwt.getSignatureBase creates the signature base. also, modified the testGenerateHmacSignature to exercise
2012-04-02 22:12:03 -04:00
267f1b2de3
bas64 decoded signature prior to verifying, modified unit rsa unit test, and fixed ecdsa signer verify
2012-04-02 21:32:42 -04:00
985a4619fa
abstracted keystore loader to new function
2012-04-02 15:06:58 -04:00
3dfe6df410
refactored algorithms out to their own separate Enum
2012-04-02 13:13:13 -04:00
fec6a3a876
removed definition parsers, may be picked up again later
2012-04-02 12:40:53 -04:00
b986b30695
Fixed unit tests - they were broken due to an error in application-context.xml; not because of the refactor. App context was trying to instantiate an Hmac signer with name "HMACSHA256", which should have been "HS256". I updated the exceptions thrown by the signer impls so that if an Algorithm name mismatch occurs it will tell you what it is trying to match against.
2012-03-30 13:45:04 -04:00
0a29eba617
unit test correction, slight refactor of tested classes
2012-03-29 14:02:51 -04:00
f215cfc50c
fix for issue 5, code refactoring across signers
2012-03-29 12:34:51 -04:00
c50f968748
Merged to use idToken.setNonce().
2012-03-23 11:11:38 -04:00
268b82e31d
Merge branch 'Branch_master3-23-2012'
2012-03-23 11:09:27 -04:00
8b10b83516
Added setNonce to JwtClaims.
2012-03-23 11:08:49 -04:00
4a15e51e12
pass through nonce
2012-03-23 10:52:04 -04:00
27fe3c9eca
Implemented signing. Works, but validation does not fail if you remove the signature.
2012-03-22 14:49:02 -04:00
68c8d1a9d2
Changed parameter for check id endpoint to access_token instead of auth_token
2012-03-22 14:19:45 -04:00
826be5a1a1
changed parameter name to match spec change
2012-03-22 14:10:50 -04:00
5fe036878a
fixed view for idtoken in checkid endpoint
2012-03-22 14:09:25 -04:00
c51bb72fe5
merged keystore changes
2012-03-22 13:50:47 -04:00
6c01134095
JWK display support for key maps, still no key ids
2012-03-22 13:48:16 -04:00
776748f908
Merge branch '3-22-2012'
2012-03-22 13:43:59 -04:00
ae9b5e792a
Added a ConfigurationPropertiesBean.java to hold configuration properties. Fixed up CheckIDEndpoint.java a bit - it works, but is outputting the wrong thing.
2012-03-22 13:43:30 -04:00
524a8e153e
signers turned into a map
2012-03-22 13:37:21 -04:00
664dd1df46
JWT claims can now have nulls in them without barfing
2012-03-22 11:46:48 -04:00
c59d3fe963
it spits out JWTs! and id tokens! JWT still needs to handle nulls
2012-03-21 17:59:48 -04:00
ebe72412fe
Authorization Grant flow works up to serializing the returned Access Token. Justin is investigating serialization problems.
2012-03-21 16:44:16 -04:00
d94eb338ee
Auth code flow works through user approval page. Current problem is that it doesn't seem to be matching up auth codes correctly (I keep getting "invalid code" error). But, it looks like it's going through our custom token granter so that is good.
2012-03-20 15:07:18 -04:00
2f29cc52b2
Merge branch 'client_refactor'
2012-03-16 16:28:51 -04:00
e6e7504213
added files and shuffled things to new packages
2012-03-16 15:46:23 -04:00
a0cdd8bf2f
moved server to new package location
2012-03-16 15:01:53 -04:00
Justin Richer