ed3e6a2814
https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/issues/431 :
...
Generating a new registration access token on read/update call and
revoking the token issued earlier.
2014-06-12 19:12:32 -04:00
a106121af3
created blacklist aware redirect resolver and wired it in, closes #549
2014-06-10 16:29:45 -04:00
a97f3e2d65
don't throw away creation time on protected resource update (oops)
2014-06-09 20:22:58 -04:00
e0fe22e4ba
don't regenerate client secrets every single time
2014-06-09 20:20:36 -04:00
53148f2c87
better auth method checking in dynamic registration and resource registration
2014-06-09 17:41:27 -04:00
f15b4a0f74
resource registration returned the wrong URL
2014-06-09 17:41:01 -04:00
47cc005fe5
more sanity checking for client secrets
2014-06-09 16:06:57 -04:00
cac645484f
client API now generates client secret only for clients that require a client secret
2014-06-09 16:00:55 -04:00
52e53ba219
extracted validation exception, refactored protected resource registration endpoint to use this format
2014-06-06 11:13:41 -04:00
b7a8bbdddc
cleanup, error wrappers on protected resource registration
2014-06-06 10:58:40 -04:00
deaccf437e
refactored dynamic registration endpoint's checks for client consistency
2014-06-06 10:18:40 -04:00
04f7a698ea
added response type consistency checking, closes #430
2014-06-05 19:41:06 -04:00
32101ff7b2
added parsing checks, fixed inverted logic, cleaned up redundant settings, closes #597
2014-06-05 19:06:03 -04:00
ab083c0963
added checks to dynamic registration endpoint that disallow registration of multiple incompatible grant types
2014-06-05 17:16:35 -04:00
cdd23df7ee
token introspection now returns user "sub" when available in addition to "user_id", closes #507 (might cause incompatibility problems)
2014-06-04 17:27:38 -04:00
8861220632
stats on home page are now loaded in the background (makes main site load much faster)
2014-06-04 14:39:30 -04:00
dfdc4ed52d
fixed information leaks from approved site API
2014-05-28 18:21:46 -04:00
d2c83104fb
cascade token saves
2014-05-27 19:28:38 -04:00
7f8cbcea39
Use return value from TokenEnhancer.enhance
2014-05-27 19:23:44 -04:00
0c8cacd59a
added missing copyright headers
2014-05-27 13:46:47 -04:00
525f3aa2a8
Cleaned up indentation, whitespace, and imports.
2014-05-27 13:02:49 -04:00
8185171119
minor clean up
2014-05-27 11:54:45 -04:00
5ab516de48
prevent clients from registering with special resource scope
2014-05-26 17:39:20 -04:00
c34357a433
added resource registration endpoint with basic functionality and specialized tokens
2014-05-26 16:30:24 -04:00
960319b796
improved logging configuration, removed transactional from service
2014-05-25 15:38:44 -04:00
85fd4e71ce
typo in error message
2014-05-25 15:37:58 -04:00
2af51dc77a
better URI check for prompt filter short circuit
2014-05-25 14:24:25 -04:00
f4a1a2acff
fixed prompt filter coding error
2014-05-24 23:16:29 -04:00
89d55e3d33
added support for default max auth age and require auth time, made prompt filter only work on authorization endpoint
2014-05-24 22:12:41 -04:00
5c6e75bd53
cleaned up UI for client editing
2014-05-24 20:56:54 -04:00
05e9624ae3
added support for encrypted and symmetrically signed id tokens and user info responses
2014-05-23 21:15:50 -04:00
ffe1b29906
Added Signed JWT support to UserInfo endpoint response, closes #593
2014-05-23 19:15:03 -04:00
e4d5f4a540
added system wide cache for all symmetric validators, closes # 557
2014-05-23 16:16:06 -04:00
ca333d256b
Appropriately catch runtime exceptions in all guava caches, closes #603
2014-05-23 15:00:40 -04:00
df9c9747ce
more reasonable check for whether or not a user auth is present, addresses #602
2014-05-23 11:49:51 -04:00
4e890a4d7d
enforce clients using a redirect flow have at least one redirect uri registered when using dynamic registration, made error handling more consistent across all APIs
...
closes #596
2014-05-21 18:29:51 -04:00
a225b00920
added null check and permissions check to ID token generation, closes #602
2014-05-21 17:45:25 -04:00
dcf36234c4
moved CSRF generator to request parser instead of confirmation controller
2014-05-13 09:48:34 -04:00
a253ebc908
added CSRF protection to approval page
2014-05-13 09:27:02 -04:00
fcfbf1080f
renamed auth request variable
2014-05-13 09:26:27 -04:00
7cd36b471f
Make introspection endpoint access authorization pluggable.
2014-05-07 16:44:56 +02:00
4b697ba909
webfinger checks host on acct: URIs, closes #404
2014-04-25 21:21:00 -04:00
376403fa4a
account for registration time in approval page, closes #550
2014-04-19 07:28:20 -04:00
1d2f968bd1
configuration cleanup, closes #568
2014-04-18 22:11:58 -04:00
521017c5c2
updated stats service to have a resettable cache triggered by other service events
2014-04-16 21:39:37 -04:00
7f310400b1
simple cache for stats
2014-04-16 21:18:12 -04:00
39509bfdc4
Performance improvement of token cleanup:
...
an alternative token cleanup mechanism designed to maintain a very compact memory footprint while performing cleanup in consecutive runs of the cleanup thread. This serves to address OutOfMemoryException issues of the original token cleanup mechanism when process is under load. Also, added cleanup of the authentication_holder table.
2014-04-10 23:38:37 -04:00
265624b285
a fix for a NullPointerException whenever a client requests a client scope to be granted.
2014-04-10 22:41:20 -04:00
53cc7ef447
Fixed audience claim on client auth assertion
2014-03-06 19:45:05 +00:00
1fcef858c6
updated server discovery document to reflect new capabilities
2014-03-06 16:48:27 +00:00
b67121f0cd
added client_secret_jwt auth method support, closes #174
2014-03-04 23:45:36 +00:00
15b017992c
added DELETE to token api because revocation endpoint doesn't work for this kind of management, closes #191
2014-03-01 11:05:46 +00:00
89f015cf1c
Updated Token API to be less leaky
2014-02-28 21:14:27 +00:00
dd391ebf3c
Display contacts, popup for image, cleanup of more info
2014-02-16 21:58:16 -05:00
dab52ca8a0
enhancements to approval page
2014-02-16 18:25:05 -05:00
ec6a78c1ba
made prompt pluralizable to comply with spec, closes #519
2014-02-16 01:41:08 -05:00
19dbe92d4e
initial support for displaying claim values for requested scopes
2014-01-20 20:56:04 -05:00
3b52ce8201
happy new year!
2014-01-20 12:38:42 -05:00
ebbc7209aa
automated code formatting and cleanup
2013-12-03 14:19:34 -05:00
4a8d693746
fixed prompt filter map mismatch (I hate type erasure)
2013-12-02 11:55:09 -05:00
d330bd1c9b
cleanup, added revocation uri to server config
2013-11-27 12:23:04 -05:00
ed06b14406
publish revocation endpoint, addresses #520
2013-11-27 12:13:42 -05:00
b7011f508e
urlencode client IDs in client registration URIs, addresses #422
2013-11-27 12:12:10 -05:00
8c1bfb7e0c
set current user's email address to owner when using admin UI
2013-11-27 12:11:36 -05:00
6c4d2a8e8d
vestigial comment cleanup
2013-11-27 12:06:53 -05:00
db5532e9bf
comment cleanup
2013-11-27 11:34:41 -05:00
39fb96a802
pull request from extensions map
2013-11-27 11:20:38 -05:00
86e0f0c7ee
cleaned up old comments
2013-11-27 11:20:01 -05:00
a24eadeb11
cleaned up responseType calls, addresses #451
2013-11-27 11:03:15 -05:00
df511a81cc
override from #465 no longer needed
2013-11-27 10:53:16 -05:00
d3dbb00e77
ensure clients and tokens don't get special system scopes, addresses #320
2013-11-27 10:35:56 -05:00
ef01de168d
Moved special token scopes to scope service interface
2013-11-27 10:21:52 -05:00
4f986d6a38
clean up some auto generated functions
2013-11-27 09:57:56 -05:00
f56135810c
Fixed request object precedence order
2013-11-27 09:52:26 -05:00
447df56947
removed unused nonce exception
2013-11-27 09:10:35 -05:00
27f391ef01
Fixed compilation errors for SECOAUTH milestone updates
2013-11-25 09:31:50 -05:00
190caee9a1
refactored userinfo serializer
2013-11-18 09:49:23 -05:00
2a34994383
cleanup view
2013-09-26 17:07:38 -04:00
7a4366c083
collapsed two serialization functions into one
2013-09-26 16:15:30 -04:00
65a7e1d724
Added UserInfo.toJson method; added ScopeClaimTranslationService; rewrote UserInfoSerializer to use both
2013-09-26 12:03:39 -04:00
cb449c25b1
Made a UserInfoSerializer class, attempted to switch UserInfoInterceptor over to use it, but it requires a bad hack. I might be missing something.
2013-09-26 12:03:39 -04:00
bf3e0033fe
initial refactor of userinfoview for new model components
2013-09-19 12:36:22 -04:00
9debf1486d
pass authorized and requested claims as strings to view
2013-09-19 12:36:22 -04:00
b396610f35
refactor processing of request object
2013-09-19 12:36:22 -04:00
47d304851d
Created token service for OIDC special tokens; removed creation of id tokens and registration_access_tokens to the new service.
2013-09-17 16:56:46 -04:00
66e837f650
Move extension parameters into OAuth2Request.extensions map; remove all calls to OAuth2Request.getRequestParameters.
2013-09-17 10:54:19 -04:00
e1ed53a229
added missing parts to discovery
2013-09-16 17:27:04 -04:00
6605877a1b
added encryption/decryption to cached JWK-URI service
2013-09-16 17:27:04 -04:00
9f13dc8f77
wrap errors in saving the client in an HTTP 400 (instead of HTTP 500) error
2013-09-13 14:22:42 -04:00
9b72c6b1f3
check sector identifier URI's contents and match against redirect URIs, addresses #504
2013-09-13 14:22:24 -04:00
1aa5fe25c6
re-decrypt request object at userinfo endpoint (this shouldn't need to happen)
2013-09-12 17:05:34 -04:00
09cd752c86
added basic support for encrypted request objects, addresses #475
2013-09-12 17:05:12 -04:00
d09b3b50d6
call encode() instead of new() on Base64URL utility
2013-09-12 15:19:14 -04:00
35bd9c8eda
throw appropriate errors from request factory
2013-09-12 14:48:54 -04:00
e67a41c556
added transient passthroughs to JOSE algorithms for client
2013-09-12 14:08:37 -04:00
c9aa42dbef
better processing for signed request objects
2013-09-12 13:56:10 -04:00
f9ca15139d
added phone-number verified, addresses #505
...
affects #455
2013-09-12 10:19:14 -04:00
0281cf02fe
calculate pairwise based on redirect uri rather than client id
2013-09-11 14:37:17 -04:00
77c0473438
fixed comparison order to be null safe
...
cleaned up type check
2013-09-11 11:59:34 -04:00
dbdc2e777d
added pairwise identifier service and repository
2013-09-10 17:15:58 -04:00
bdf62eaa36
need to check the sector identifier at some point
2013-09-10 16:35:51 -04:00
914f2e4d93
added new call to get the UserInfo in context with the requesting client to allow for pairwise identifiers.
...
temporary implementation of pairwise identifiers in place
2013-09-10 16:01:17 -04:00
149fb1bac1
services shouldn't be transactional
2013-09-10 15:26:09 -04:00
29d1c7d54a
userinfo endpoint now uses OAuth2Authentication exclusively
...
(which is all it was really doing before)
2013-09-10 14:16:34 -04:00
ac42c00062
id token now uses userinfo's sub
2013-09-10 13:50:49 -04:00
b9da10d176
look up by username instead of subject
2013-09-10 11:39:00 -04:00
9ea82aacf0
clean up unused getter/setter
2013-09-10 11:38:42 -04:00
469e722f72
defer to system scope matcher in approval handler
2013-09-06 16:07:25 -04:00
99ad9b883e
added validator that knows how to deal with structured scopes
2013-09-06 16:07:25 -04:00
59187d47e4
use new unified parsing for approval page
2013-09-06 16:07:25 -04:00
85533d50cf
scope comparison for TofuUserApprovalHandler
2013-09-06 16:07:25 -04:00
1c4c53f252
scope comparison for introspection endpoint
2013-09-06 16:07:24 -04:00
6152a943d8
serialize structured scopes properly (with tests)
2013-09-06 16:07:24 -04:00
72f0ab631d
added transient structured value to system scope, added scope matcher function to scope service
2013-09-06 16:07:24 -04:00
b416888b07
Structured Scopes from BB+
2013-09-06 16:07:24 -04:00
127507246e
if the client doesn't ask for any system scopes, but asks for some non-system scopes, they'll now get the defaults instead of none
...
addresses #498
2013-09-06 13:30:22 -04:00
64bbb73d1b
cleaned up CORS filter implementation
2013-09-03 16:01:19 -04:00
6ff4ae1458
added CORS filter
2013-09-03 15:17:18 -04:00
2108311d65
Revert "refactored code to use the more generic JWT declaration."
...
This reverts commit e0b56bc72a
2013-08-26 15:33:08 -04:00
e0b56bc72a
refactored code to use the more generic JWT declaration.
2013-08-26 11:32:46 -04:00
ca777f7dc4
proper null check for client's preferred signature method
2013-08-20 16:45:45 -04:00
07bec462cc
added comment about why we can't use set intersection method.
2013-08-20 14:09:14 -04:00
b89436d7b9
UserInfoView returning intersection of claims request parameter and request object claims in effect now.
2013-08-20 08:55:56 -04:00
941e9544e2
Compare client_ids instead of Client objects
2013-08-19 16:55:56 -04:00
3eae6f2789
Changed client algorithm check to look for null instead of JWSAlgorithm.NONE, which is a valid value.
2013-08-19 16:55:29 -04:00
0059c7b4cc
Use clients preferred algorithm, if any, to sign
2013-08-19 16:33:18 -04:00
b54f33d0db
fixed json elements of "claims" and "userinfo" being processed out of order.
2013-08-19 14:15:53 -04:00
7b813c79ee
parsing "claims" parameter directly from userinfoendpoint requests.
2013-08-19 13:32:34 -04:00
1ffbb39a2b
refactored json parser to a private static field.
2013-08-19 13:30:56 -04:00
89056bd911
removed test-specific constructor and default constructor.
2013-08-19 13:30:56 -04:00
7d51335055
added prompt=login support, addresses #323
2013-08-14 17:00:56 -04:00
a0646452ab
test for max_age, force login if not fresh enough, addresses #467
2013-08-14 16:50:51 -04:00
6c1e91b7e3
auth_time is now tracked, addresses #288
2013-08-14 15:39:41 -04:00
e88c6c4943
Changed predicates methods to use Collections2.filter rather than Sets.filter
2013-08-13 10:31:39 -04:00
6687e3a831
override createOAuth2Request method for factory iss #465 .
2013-08-09 13:03:46 -04:00
ef4482249c
Dyn-reg endpoint now creates the registration access token from scratch instead of calling token services; token services no longer needs to check for RAT scope to avoid expiring RATs
2013-08-09 11:49:11 -04:00
15e512cec3
renamed JWSUtils -> IdTokenHashUtils, renamed internal variables
2013-08-08 14:34:19 -04:00
cdd3a6d478
changed at_hash/c_hash impl. HMAC-SHA --> regular SHA.
2013-08-08 14:10:35 -04:00
2d4d7f7be9
Had to hand-merge some things; git got confused
2013-08-07 10:59:55 -04:00
861beeba64
Added c_hash function, added stub of unit test for JWSUtils
2013-08-07 10:43:26 -04:00
37580cc21e
JWSUtils uses JWSAlgorithm to match bit length; ConnectTokenEnhancer calls the util method now
2013-08-07 10:41:53 -04:00
3a591dc1f4
Added JWSUtils class;
2013-08-07 10:38:28 -04:00
be97aedbc7
Used Predicates to filter expired tokens and approved sites;
2013-08-06 16:42:49 -04:00
b3bb43881d
Moved getExpired to service layers
2013-08-06 16:33:27 -04:00
eea37cf79c
Fixed token expiration bug by removing jsql queries. Instead expired tokens or approved sites are filtered at the repository level
2013-08-06 11:28:13 -04:00
265214511c
Renamed oAuth2RequestFactory
2013-08-05 14:04:48 -04:00
a4c1a7a37d
Issue 449
2013-08-02 11:20:47 -04:00
2f711c88a7
Removed nonce service
2013-08-02 10:56:28 -04:00
d4fbb4f599
Removed Event class
2013-08-02 10:06:41 -04:00
ad2ace6d74
Do not expire registration tokens
2013-07-30 11:33:15 -04:00
beaeaa4ccc
I can spell "consortium", I promise
2013-07-29 17:40:26 -04:00
856c0ea0b5
Merge commit '023dd440d4a0e6e59a14c88013837d79a77c74e0' into 1.1-merge
...
Conflicts:
openid-connect-client/pom.xml
openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/AuthorizationRequestImpl.java
openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/IntrospectingTokenService.java
openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/IntrospectionAuthorityGranter.java
openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/IntrospectionUrlProvider.java
openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationFilter.java
openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationProvider.java
openid-connect-client/src/main/java/org/mitre/openid/connect/client/keypublisher/ClientKeyPublisher.java
openid-connect-client/src/main/java/org/mitre/openid/connect/client/keypublisher/ClientKeyPublisherMapping.java
openid-connect-client/src/main/java/org/mitre/openid/connect/client/keypublisher/JwkViewResolver.java
openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/AuthRequestUrlBuilder.java
openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/ClientConfigurationService.java
openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticClientConfigurationService.java
openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticServerConfigurationService.java
openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticSingleIssuerService.java
openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/ThirdPartyIssuerService.java
openid-connect-client/src/test/java/org/mitre/openid/connect/client/AbstractOIDCAuthenticationFilterTest.java
openid-connect-common/pom.xml
openid-connect-common/src/main/java/org/mitre/jose/keystore/JWKSetKeyStore.java
openid-connect-common/src/main/java/org/mitre/jwt/signer/service/JwtSigningAndValidationService.java
openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/DefaultJwtSigningAndValidationService.java
openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/JWKSetSigningAndValidationServiceCacheService.java
openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthorizationCodeEntity.java
openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java
openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java
openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2RefreshTokenEntity.java
openid-connect-common/src/main/java/org/mitre/oauth2/model/SystemScope.java
openid-connect-common/src/main/java/org/mitre/oauth2/repository/AuthorizationCodeRepository.java
openid-connect-common/src/main/java/org/mitre/oauth2/repository/OAuth2TokenRepository.java
openid-connect-common/src/main/java/org/mitre/oauth2/service/OAuth2TokenEntityService.java
openid-connect-common/src/main/java/org/mitre/openid/connect/config/ConfigurationPropertiesBean.java
openid-connect-common/src/main/java/org/mitre/openid/connect/config/ServerConfiguration.java
openid-connect-common/src/main/java/org/mitre/openid/connect/model/ApprovedSite.java
openid-connect-common/src/main/java/org/mitre/openid/connect/model/BlacklistedSite.java
openid-connect-common/src/main/java/org/mitre/openid/connect/model/Event.java
openid-connect-common/src/main/java/org/mitre/openid/connect/model/OIDCAuthenticationToken.java
openid-connect-common/src/main/java/org/mitre/openid/connect/model/WhitelistedSite.java
openid-connect-common/src/main/java/org/mitre/util/jpa/JpaUtil.java
openid-connect-server/.gitignore
openid-connect-server/pom.xml
openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaAuthorizationCodeRepository.java
openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2AuthorizationCodeService.java
openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ClientDetailsEntityService.java
openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java
openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultSystemScopeService.java
openid-connect-server/src/main/java/org/mitre/oauth2/token/ChainedTokenGranter.java
openid-connect-server/src/main/java/org/mitre/oauth2/token/JwtAssertionTokenGranter.java
openid-connect-server/src/main/java/org/mitre/oauth2/view/TokenIntrospectionView.java
openid-connect-server/src/main/java/org/mitre/oauth2/web/IntrospectionEndpoint.java
openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java
openid-connect-server/src/main/java/org/mitre/oauth2/web/RevocationEndpoint.java
openid-connect-server/src/main/java/org/mitre/openid/connect/ConnectOAuth2RequestFactory.java
openid-connect-server/src/main/java/org/mitre/openid/connect/assertion/JwtBearerAuthenticationProvider.java
openid-connect-server/src/main/java/org/mitre/openid/connect/assertion/JwtBearerClientAssertionTokenEndpointFilter.java
openid-connect-server/src/main/java/org/mitre/openid/connect/exception/InvalidJwtSignatureException.java
openid-connect-server/src/main/java/org/mitre/openid/connect/exception/UnknownUserInfoSchemaException.java
openid-connect-server/src/main/java/org/mitre/openid/connect/exception/UserNotFoundException.java
openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaApprovedSiteRepository.java
openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaUserInfoRepository.java
openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultApprovedSiteService.java
openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultNonceService.java
openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultStatsService.java
openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultUserInfoUserDetailsService.java
openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultWhitelistedSiteService.java
openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectTokenEnhancer.java
openid-connect-server/src/main/java/org/mitre/openid/connect/token/TofuUserApprovalHandler.java
openid-connect-server/src/main/java/org/mitre/openid/connect/view/AbstractClientEntityView.java
openid-connect-server/src/main/java/org/mitre/openid/connect/view/ClientInformationResponseView.java
openid-connect-server/src/main/java/org/mitre/openid/connect/view/ExceptionAsJSONView.java
openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonEntityView.java
openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonErrorView.java
openid-connect-server/src/main/java/org/mitre/openid/connect/view/POCOUserInfoView.java
openid-connect-server/src/main/java/org/mitre/openid/connect/view/StatsSummary.java
openid-connect-server/src/main/java/org/mitre/openid/connect/view/UserInfoView.java
openid-connect-server/src/main/java/org/mitre/openid/connect/web/ApprovedSiteAPI.java
openid-connect-server/src/main/java/org/mitre/openid/connect/web/BlacklistAPI.java
openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java
openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientDynamicRegistrationEndpoint.java
openid-connect-server/src/main/java/org/mitre/openid/connect/web/ManagerController.java
openid-connect-server/src/main/java/org/mitre/openid/connect/web/RequestObjectAuthorizationEndpoint.java
openid-connect-server/src/main/java/org/mitre/openid/connect/web/StatsAPI.java
openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java
openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoInterceptor.java
openid-connect-server/src/main/java/org/mitre/openid/connect/web/WhitelistAPI.java
openid-connect-server/src/main/webapp/WEB-INF/tags/aboutContent.tag
openid-connect-server/src/main/webapp/WEB-INF/tags/breadcrumbs.tag
openid-connect-server/src/main/webapp/WEB-INF/tags/contactContent.tag
openid-connect-server/src/main/webapp/WEB-INF/tags/copyright.tag
openid-connect-server/src/main/webapp/WEB-INF/tags/header.tag
openid-connect-server/src/main/webapp/WEB-INF/tags/landingPageAbout.tag
openid-connect-server/src/main/webapp/WEB-INF/tags/landingPageContact.tag
openid-connect-server/src/main/webapp/WEB-INF/tags/landingPageStats.tag
openid-connect-server/src/main/webapp/WEB-INF/tags/landingPageWelcome.tag
openid-connect-server/src/main/webapp/WEB-INF/tags/sidebar.tag
openid-connect-server/src/main/webapp/WEB-INF/tags/statsContent.tag
openid-connect-server/src/main/webapp/WEB-INF/tags/topbar.tag
openid-connect-server/src/main/webapp/WEB-INF/views/about.jsp
openid-connect-server/src/main/webapp/WEB-INF/views/approve.jsp
openid-connect-server/src/main/webapp/WEB-INF/views/contact.jsp
openid-connect-server/src/main/webapp/WEB-INF/views/exception/usernotfound.jsp
openid-connect-server/src/main/webapp/WEB-INF/views/login.jsp
openid-connect-server/src/main/webapp/WEB-INF/views/manage.jsp
openid-connect-server/src/main/webapp/WEB-INF/views/stats.jsp
pom.xml
2013-07-29 16:21:20 -04:00
e658ffd7fc
format/cleanup and copyright
2013-07-29 11:28:51 -04:00
d4b544d519
disable token API (for now)
2013-07-29 11:23:07 -04:00
906db0ac86
Opened token api access to all users; restricted to only show currently-logged-in-users tokens
2013-07-29 09:18:08 -04:00
71da5b3d94
clean up some discovery values
2013-07-26 17:07:28 -04:00
c62bed37ff
convert server to use normalizer
2013-07-26 17:07:08 -04:00
93c3e7906f
put in line breaks into the extra long comments in DiscoveryEndpoint.java
2013-07-25 09:25:06 -04:00
b397f0ae15
First go at adding token API; needs to be tested
2013-07-24 09:14:46 -04:00
88db457fc4
Removed .springBeans from tracking; removed initializingbean in favor of @PostConstruct
2013-07-18 09:34:52 -04:00
aad432c5d7
replaced stracktrace-printing with logger messages. removed some unused imports.
2013-07-16 13:52:32 -04:00
f483d41b88
getCustomClaim -> getClaim. Also, removed outdated TODOs.
2013-07-16 13:17:25 -04:00
0d882faeca
added a TODO and fixed some comment typos.
2013-07-15 14:24:04 -04:00
15aea61fbe
Applied code cleanup
2013-07-12 16:58:41 -04:00
3e23967b46
Updated code to reflect SECOAUTH changes
2013-07-12 16:21:05 -04:00
9a6f345e15
yes, allow default scoping if the client doesn't ask for any.
2013-07-12 15:05:17 -04:00
3d312b7eb5
Deleted PermissionDeniedException class. Unused.
2013-07-12 11:40:11 -04:00
ada54c297d
addresses issue #382 . Throw an exception when client tries to upscope.
2013-07-12 11:36:33 -04:00
910839e5d9
fixed typo referring to client id as a client secret in code comments.
2013-07-10 16:53:49 -04:00
2d3f43e3b8
Added task scheduling for deleting expired tokens and approved sites. Configuration is all done in application-context.xml so that it is easy to configure
2013-07-10 14:34:37 -04:00
93a0492e97
made optional parameters optional
2013-07-10 12:50:57 -04:00
a9da88fb79
brought introspection endpoint and introspection token services into compliance with draft, addresses #376
2013-07-10 12:50:57 -04:00
5ffe1a50a2
Added null-handling for Scope values from the auth request. (Without this, a NullPointerException gets thrown with null scope values).
2013-07-05 15:14:56 -04:00
42027e451c
added REQUIRED response types to discovery doc. Also, fixed 2 typos in the list of supported grant types.
2013-06-28 15:31:50 -04:00
2a92185433
added introspection endpoint URL to discovery document.
2013-06-28 15:31:50 -04:00
741946d1ae
updated server discovery code comments.
2013-06-28 15:31:50 -04:00
f27b69d06b
removed Version field from server discovery configuration.
2013-06-28 15:31:50 -04:00
4f9cbb4b3f
added check for null
2013-06-27 09:29:47 -04:00
dc51af5b83
removed testing builder inner class from DefaultOAuth2ProviderTokenService. Also, added more unit tests.
2013-06-25 16:31:45 -04:00
c212821267
Fixed ChainedTokenGranter setup
2013-06-24 10:14:10 -04:00
530c3a75ee
Applyed refactoring
2013-06-24 09:44:59 -04:00
8935a87c23
TestDefaultWhitelistedSiteService done. Removed constructors from DefaultWhitelistedSiteService.
2013-06-18 15:20:06 -04:00
8851f4d037
TestDefaultOAuth2ClientDetailsEntityService done. Removed constructors from DefaultOAuth2ClientDetailsEntityService.
2013-06-18 15:19:55 -04:00
4ee904cbfd
removed setter/getter from DefaultUserInfoUserDetailsService and updated test class with Mockito annotations.
2013-06-18 15:19:46 -04:00
5428848627
updated TestDefaultApprovedSiteService to use annotation style Mocking. Allows for removal of injector constructor.
2013-06-18 15:19:46 -04:00
01fcb4828d
removed test constructors for DefaultBlacklistedSiteService.java. Used annotation method of injecting mock objects into testing class (@InjectMocks).
2013-06-18 15:19:33 -04:00
9a3625ae2b
made unit test for checking blacklisted sites. Introduced a new constructor to be able to inject repository for testing.
2013-06-18 15:19:33 -04:00
c577b691c7
moved OIDC auth token and userinfo interception filter to common package, addresses #353
2013-06-12 14:45:03 -04:00
8290d198c2
added passthrough of userinfo for remote OIDC users
2013-06-12 14:22:13 -04:00
6ed7477bc0
added stats to admin UI page, restyled scopes and dynamically registered flags
2013-06-07 18:05:07 -04:00
dc9d5c667e
cleaned up error log messages
2013-06-06 13:44:50 -04:00
1b601abd6f
Removed previous constructor from DefaultUserInforUserDetailsService.java and put in getter/setter for UserInfoRepository as a replacement.
2013-06-04 16:58:14 -04:00
a7f2e605fa
Added two unit tests using the Mockito framework
2013-05-31 15:04:18 -04:00
b0dc5fb4e2
Fix a bug where a client is deleted before details looked up. Also return 204 on success
2013-05-31 14:30:51 -04:00
76e5ff8053
Finished cleanup, ready to create pull request
2013-05-28 12:43:33 -04:00
81cd13f6d3
added RegisteredClient class to facilitate client configuration and dynamic registration, addresses #335
2013-05-20 17:19:28 -04:00
545ddace95
updated registration URI, addresses #321
2013-05-10 11:54:48 -07:00
713f0a4d25
Renamed OAuth2Request authorizatoinParameters map to requestParameters
2013-05-03 17:07:04 -04:00
967b3f2953
Cleanup from renaming
2013-05-03 16:15:42 -04:00
1e24b31cc3
Propogating rename of AuthorizationRequest to OAuth2Request
2013-05-03 13:53:57 -04:00
4276a14978
fixed stats api view
2013-05-02 14:55:37 -04:00
1e870703f8
added licence/copyright header
2013-05-02 11:45:20 -04:00
8afab04544
whitespace, import, brace, annotation, and format cleanups
2013-05-02 10:47:15 -04:00
a3771177a1
Updated json serialization of approved site objects
2013-04-29 11:17:36 -04:00
dcf41eaa9e
tried to make prompt=login work, backed off for now
2013-04-25 15:19:11 -04:00
8d53149d03
added functionality for prompt=none
2013-04-25 11:38:10 -04:00
7292766b51
implemented prompt=consent
2013-04-24 14:08:14 -04:00
ce2c90fb30
fixed error messages in auth request manager
2013-04-24 12:10:59 -04:00
c80b1081cc
Cleaning up approvedsite => token linkage
2013-04-24 11:52:03 -04:00
939a801048
Redid approved site -> token mapping so it is unidirectional from ApprovedSite side. Fixed some error logging, added a new view for ApprovedSite which will only show the IDs of the tokens in the approvedTokens list
2013-04-23 17:40:22 -04:00
a79aca906e
Fixed error logging; added ApprovedSite tracking to tokens
2013-04-22 15:49:06 -04:00
d7689152b8
fixed inadvertent consistency bug in granting offline_access to clients
2013-04-19 16:12:09 -04:00
0e2d5830a4
updated newly-registered clients to not get refresh tokens unless they ask for offline_access scope explicitly
2013-04-19 15:40:20 -04:00
fb859fc39a
added client dynamic registration service, extracted clientdetails<->json processing into its own static class
2013-04-19 14:23:11 -04:00
fc1088c841
fixed display of algorithms in discovery endpoint
2013-04-19 13:39:53 -04:00
82fca45412
Removed RequestObjectAuthorizationEndpoint as it is no longer needed with the changes to the AuthorizationEndpoint.
2013-04-17 13:10:40 -04:00
9db8119930
Fixed request object processing, had a small bug
2013-04-17 11:28:35 -04:00
e708f77eb3
Fixed up OIDC code so that it runs with new SECOAUTH changes; removed old AuthorizationRequestImpl class which is no longer needed
2013-04-17 09:52:09 -04:00
895690df54
added webfinger discovery to server, addresses #279
2013-04-16 17:22:18 -04:00
9c6b08d919
effectively removed auth_time calculations
2013-04-16 16:04:26 -04:00
33af3b1ad6
updated discovery endpoint to latest spec, removed surplus specialized view
2013-04-16 15:00:57 -04:00
8e8e14c638
added at_hash
2013-04-15 17:12:47 -04:00
3bb43f417a
added auth time tracking
2013-04-15 16:16:18 -04:00
98fff8fe99
updated error handling on introspection and revocation endpoints
2013-04-12 16:34:51 -04:00
35cb14a73f
fixed comment
2013-04-12 16:08:32 -04:00
743a3023dc
removed old error handlers
2013-04-12 16:04:40 -04:00
31e3c5e5e7
moved user approval page
2013-04-12 15:57:32 -04:00
694761c026
cleaned up userinfo view
2013-04-12 15:40:05 -04:00
71d6dc6afe
removed special stats view
2013-04-12 15:15:43 -04:00
7e59421f33
Commented out XRD endpoint and added TODO reference to webfinger issue
2013-04-11 10:33:27 -04:00
34b243e0e1
Added back discovery endpoint, but renamed to not say SWD
2013-04-11 10:27:31 -04:00
23c318f6c2
Updating guava to 14.0.1
2013-04-10 15:31:32 -04:00
a723c9d921
Removed references to DefaultAuthorizationRequest in connect code
2013-04-08 10:37:13 -04:00
e17eaa499e
Cleaned up classes affected by SECOAUTH changes; added Connect implementation of AuthorizationRequest and updated manager class to reflect new class & updated interface;
...
;
2013-04-08 10:13:27 -04:00
f63ea94b37
fixed bean name
2013-04-01 12:05:39 -04:00
c0c1847f38
fixed bean name
2013-04-01 11:59:23 -04:00
02220a411a
Fixed typo
2013-03-29 12:59:49 -04:00
2265a3f8c3
Updated error handling messages for scope, approved site, blacklist, whitelist, and client APIs using new JsonErrorView
2013-03-29 12:47:03 -04:00
ee5b21b542
Added JsonErrorView
2013-03-29 12:47:03 -04:00
07686d8e00
Removed superfluous try/catch around save call in ScopeAPI.
2013-03-29 12:47:03 -04:00
6cc50e7cd5
switched signing & validation service to use JWK natively for keys
2013-03-28 16:43:26 -04:00
f54dddd8c0
fixed blacklisted field name, addresses #295
2013-03-28 16:06:02 -04:00
e2ad4d2e8f
cleaned up spurious nosuchalgorithm exceptions, addresses #285
2013-03-28 15:06:30 -04:00
5b321b9c86
Updated whitelist api for ui error handling
2013-03-28 12:43:47 -04:00
666573cd34
Updated blacklist and client api for ui error handling
2013-03-28 12:37:18 -04:00
218fe9328c
Updated approved site API for error handling
2013-03-27 16:49:33 -04:00
435fff3b1c
Updated scope API for error handling
2013-03-27 16:27:55 -04:00
d24ecd2e7c
Removed extra scope validation endpoint
2013-03-27 15:27:34 -04:00
96e333afa6
Working on error handling
2013-03-27 15:27:34 -04:00
fa0a6a7b4e
Finding my way around Backbone, Underscore, and Bootstrap
2013-03-27 15:27:34 -04:00
36b08dcd6e
Removed SWD code
2013-03-22 15:23:08 -04:00
fcc95f8a0a
Moved nonce processing stuff into nonce service and out of ConnectAuthorizationRequestManager
2013-03-22 14:38:37 -04:00
d38c5b4200
Pared down nonce reuse exception message to just say that the nonce has already been used
2013-03-22 12:36:24 -04:00
b28b0615fa
removed vestigial ClientDetailsEntityService references
2013-03-22 12:32:31 -04:00
08eaaa0a12
updated repository to use proper concrete class
2013-03-21 15:20:36 -04:00
8fccbf3483
added Id field to DefaultUserInfo object, switched "userId" terminology to "subject"
2013-03-20 14:29:00 -04:00
f44c704472
major refactor of client filter
...
Collapsed filter into single class
pulled server config and client config management into service classes
created service for issuer (will handle account chooser)
created auth request services (handle signed and unsigned requests)
2013-03-14 18:05:50 -04:00
8992506a1d
Fixing up logging changes
2013-03-08 09:52:24 -05:00
f9b0670ae9
Merged ClientAPI and ClientDynamicRegistrationEndpoitn by hand
2013-03-07 12:12:27 -05:00
5cac7055a9
Standardized error handling and added logging for error conditions in endpoints
2013-03-07 11:56:57 -05:00
dbc68e4074
Working on error handling
2013-03-07 11:51:18 -05:00
1630814b9f
Marked classes where error handling needs to be added/changed
2013-03-07 11:51:18 -05:00
6320fce9fd
url -> uri in approval page
2013-03-07 10:39:33 -05:00
27a8bcf440
now with more documentation and actual deletion
2013-03-06 11:53:16 -05:00
eaa9e1ded4
typo for grant types in parser
2013-03-06 11:33:54 -05:00
a6a2d43e8f
added Read, Update, and Delete operations to dynreg endpoint
2013-03-06 11:33:31 -05:00
d37bac1775
simplification and documentation of client api views
2013-03-06 11:33:06 -05:00
c9bdba3f3a
API now bound to USER for read, ADMIN for write, addresses #267
2013-03-05 17:45:33 -05:00
1daf5bd357
dispatch to different views based on user role
2013-03-05 17:34:24 -05:00
70b2342864
fixed split client views, fixed typos in various places
2013-03-05 17:26:25 -05:00
51a7ccc397
entity -> embed
2013-03-05 16:33:13 -05:00
0d25d4cb17
null-preserving static parsers instead of constructors
2013-03-05 12:10:33 -05:00
6a88c13675
split client view into two classes
2013-03-04 17:50:02 -05:00
4095f2179c
added custom client view for API
2013-03-04 17:33:18 -05:00
9aebca2e97
fixed gson parser in client API
2013-03-04 16:38:11 -05:00
23efdf9f51
fix viewbean name, nullsafe client creation time, fixed default scope handling
2013-03-04 16:12:06 -05:00
26f03ec070
timestamp for creation date
2013-03-04 16:11:20 -05:00
235a3bf2c4
added client information response view
2013-03-04 15:45:35 -05:00
a2d6894f62
started serialization for client information view
2013-03-04 15:13:55 -05:00
db24c203ec
added parser to client registration endpoint
2013-03-04 15:01:02 -05:00
5c044b9eff
added extra client fields to DB model, moved services to use new client model object
2013-03-04 14:22:42 -05:00
bd877dde82
added signature checking to request objects
2013-03-01 17:44:44 -05:00
6c1e6b2d74
refactored signing and validation, added jwk-based cache, removed keyfetcher, refactored client side class structure
2013-03-01 17:44:44 -05:00
385853fa1f
refactored signing and validation, added jwk-based cache, removed keyfetcher, refactored client side class structure
2013-03-01 17:44:44 -05:00
13a3e97113
updated request object forwarding hack
2013-03-01 17:42:48 -05:00
60b679e942
First steps towards adding display variables to config bean
2013-02-22 17:10:14 -05:00
4d725b88dd
more updates to track nimbus-jose-jwt classes and use them properly
2013-02-22 12:08:01 -05:00
9a98d241e8
updates to track Nimbus JOSE API changes to audience and date fields
2013-02-22 12:08:01 -05:00
03e7337b9f
client registration endpoint needs general rewrite to fit new spec.
...
Most of the problematic references will change with the rewrite, so this is a slapdash patch to make things compile for now.
2013-02-22 12:08:01 -05:00
25b9940a68
request object endpoint is a placeholder, cleaning out for now
2013-02-22 12:08:01 -05:00
e5732da857
added system default signing algorithm, converted token provider and enhancer to use nimbus-jose
2013-02-22 12:08:01 -05:00
c01e873019
request object processor moved to nimbus-jose
2013-02-22 12:08:01 -05:00
0f99e0e06d
assertion token granter moved to nimbus-jose
2013-02-22 12:08:01 -05:00
10ab55a7e2
moved jwk/x509 publishing over to nimbus-jose (mostly)
2013-02-22 12:08:01 -05:00
a078f7d202
patched userinfo view to use nimbus
2013-02-22 12:08:01 -05:00
c7d1b47b38
converted bearer assertion framework to nimbus-jose
2013-02-22 12:08:01 -05:00
910a6cf1a0
remvoed idtoken repository that was never used
2013-02-22 12:08:01 -05:00
d0fdf8140e
sorting on approval page
2013-02-05 15:47:32 -05:00
02846c0a8d
typo fix, DB constraints
2013-02-05 14:40:06 -05:00
e622202e9e
display scopes based on request, pull scope information dynamically, addresses #208
2013-02-05 11:36:59 -05:00
eb4773ce46
beginning dynamic scopes on auth page
2013-02-05 11:28:39 -05:00
c2b9fd4db1
system scope ordering consistency
2013-02-05 11:11:41 -05:00
801a45cc49
several bugfixes to scopes UI, works now
2013-02-03 22:04:56 -05:00
a3037a18a7
system scope service applied to client creation UI
2013-02-03 22:04:55 -05:00
cab36a2b80
added appropriate filterered and transformative actions to scope service
2013-02-03 22:04:55 -05:00
ab35186696
added scope service, repository, and API
2013-02-03 22:02:24 -05:00
a2e548c261
fixed claims processor for request object from user info endpoint
2013-02-03 22:02:23 -05:00
3c190e044a
inject parsed parameters to make SECOAUTH happy
2013-02-03 22:02:23 -05:00
1144d511af
inject scopes
2013-02-03 22:02:23 -05:00
f9d50db1f1
don't treat openid scope special here -- by default client gets access to *all* scopes it's registered for
2013-02-03 22:02:23 -05:00
078342715b
moved request object to request manager
2013-02-03 22:02:22 -05:00
3399eed45a
Added about, contact, and stats pages. Still largely placeholders, but the topbar works correctly now at least.
2013-01-31 11:34:07 -05:00
0be254c99a
updated token introspection output to match spec and client filter
2013-01-30 15:31:32 -05:00
c1d33bb55b
bugfix in assertion processor
2013-01-30 14:34:16 -05:00
2e2c0e8e6c
Fixed bug in nonce processing
2013-01-29 13:07:41 -05:00
3db74100a4
working on bug
2013-01-29 13:07:41 -05:00
dd8b48e863
Reset ConnectAuthorizationRequestManager to version from master
2013-01-29 13:07:41 -05:00
06f970e61b
Trying to fix nonce service
2013-01-29 13:07:41 -05:00
86bf51f0a7
Added java reflection code for request object handling, needs to be tested
2013-01-29 13:07:41 -05:00
677f0f2d4c
Stubbed out required functionality for request object filtering
2013-01-29 13:07:41 -05:00
67e8714671
Working on request object userinfo parsing
2013-01-29 13:07:41 -05:00
7269700dc6
switched injector from repository to service
2013-01-24 19:32:55 -05:00
f0ee36dad2
auth_type -> auth_method (addresses #258 )
2013-01-18 18:26:55 -05:00
8831bc64a2
offline -> offline_access (addresses #248 )
2013-01-18 18:03:39 -05:00
27a26e0a35
(user_id/prn) -> sub
2013-01-18 16:40:05 -05:00
0ab4ad4bbe
added "birthdate", addresses #253
2013-01-18 15:38:41 -05:00
6ef4dc817e
genericized nimbus code, added caching
2013-01-18 15:10:48 -05:00
2d21a72e7e
switched to nimbus to check JWT signature
2013-01-18 15:10:48 -05:00
60bda31c54
updated custom filter
2013-01-18 15:10:48 -05:00
c17bc05b0e
wiring configuration
2013-01-18 15:10:48 -05:00
4262be1fd3
added jwt processing to client auth provider
2013-01-18 15:06:00 -05:00
abd64eccd6
added framework for processing assertions for client auth
2013-01-18 15:06:00 -05:00
ad5e77f7ff
Made nonce storage duration configurable in application-context.xml;
2013-01-10 10:34:40 -05:00
59f1b1f05e
Testing, nonce handling seems to be working now
2013-01-07 13:28:30 -05:00
a1a117cfde
Added default constructor to ConnectAuthorizationRequestManager
2013-01-07 10:54:33 -05:00
77b932f5a7
Added implementation of AuthorizationRequestManager. Nonce checking will go in here
2013-01-04 15:30:24 -05:00
1af6513499
Removed nonce checking from token service impl
2013-01-04 15:30:24 -05:00
246ed962bb
Added stub of repository test
2013-01-04 15:30:24 -05:00
e1dffb959c
Added NonceReuseException
2013-01-04 15:30:24 -05:00
a4637ec395
Fleshed out nonce service classes, added code to token service impl to check for and store nonces. Added JodaTime library for working with dates.
2013-01-04 15:30:24 -05:00
c7ae315e98
Added initial files for nonce service. Repository and service impls are stubs
2013-01-04 15:30:24 -05:00
87788f0710
let users visit home page without logging in
2012-12-18 13:56:46 -05:00
f265347311
tweaked error messages
2012-12-18 12:08:36 -05:00
18ddd8333f
added flag to allow introspection, relaxed same-client restrictions on introspection and chained tokens
2012-12-18 11:07:24 -05:00
1f53f41648
generic entity view now takes optional HttpStatus argument
2012-12-14 17:35:21 -05:00
a3790f943e
cleaned up introspection endpoint to use exceptions
2012-12-14 17:35:20 -05:00
e5206f2b92
implemented jwt assertions for id tokens
2012-12-14 17:35:20 -05:00
51b67ebc03
added queries to get access token from id token
2012-12-14 17:35:20 -05:00
1853bd7117
added assertion token granter
2012-12-14 17:35:20 -05:00
cda6163d0d
null and blank handling
2012-12-12 12:29:14 -05:00
06fad3a41c
moved view for client API
2012-12-11 15:19:11 -05:00
6344a72519
missed a few applicationName references, fixed API JSON rendering
2012-12-11 15:16:18 -05:00
dfd8e9c7c7
removed unused view
2012-12-11 15:15:52 -05:00
179903b074
propagated client changes to service
2012-12-11 12:31:01 -05:00
33ceedb283
added scope and grant_type, switched to timeunit
2012-12-11 12:11:09 -05:00
e2bc15c2b2
beginning of client registration refactor to track IETF dynreg spec
2012-12-10 17:36:33 -05:00
94c37f5815
added redelegate scope to client list, fixed inconsistency with refresh token issuance (addresses #239 )
2012-12-10 16:53:05 -05:00
510ddb48b7
override the correct part of the token granter class
2012-12-10 15:54:37 -05:00
bdcc6af096
temporary sanity check for client ID's
2012-12-10 11:40:03 -05:00
cab0839430
added workarounds for quirks in SECOAUTH
2012-12-10 11:27:28 -05:00
edc96d646c
added chained token grant
2012-12-10 10:48:38 -05:00
54708fb0ac
fixed id token scopes (shouldn't inherit from parent token)
2012-12-10 10:11:02 -05:00
e38b2b0ba5
shortened revocation endpoint url
2012-12-07 17:16:03 -05:00
fbc3c46128
Introspection now draft spec compliant, requires client auth
...
Currently this is the client that originally sent the token, we want to have a way to bind other "clients" to this token as well, like resource services. Also want to let open calls, sometimes.
2012-12-07 17:12:13 -05:00
544e3d7b43
added copy constructors because Dave likes to use unmodifiable sets for no apparent reason
2012-12-07 10:06:10 -05:00
7561ac9e8c
client dynamic registration now protected by access token, addresses #199
2012-12-06 17:48:23 -05:00
7342da6a51
completed making id tokens into access tokens
2012-12-06 16:24:04 -05:00
e4f9fa2bbf
labeled introspection endpoint
2012-12-06 16:19:25 -05:00
17374a57e0
added ISO date format to generic entity view, addresses #232
2012-12-06 16:15:14 -05:00
b8f701d9d8
switched id tokens to entities, they're now access tokens also
...
still needs some work to get the auth object right, for now we're just copying from the access token
2012-12-06 10:19:21 -05:00
e305d3b16b
Making stable in-memory and in-file database with HSQL
2012-12-03 17:53:25 -05:00
d07f67bd76
let user select when grants time out
2012-11-26 14:26:07 -05:00
84401531ae
tie refresh token generation to "offline" scope tag
2012-11-26 13:16:19 -05:00
667c3abc8a
dynamic scope display/selection on approval page
2012-11-26 11:53:19 -05:00
1281d75aa9
stopped re-parsing scopes
2012-11-26 11:53:19 -05:00
9c3a40779b
updated to SECOAUTH's horrible new object-breaking authorization request paradigm.
...
Bonus: it works!
2012-11-26 11:53:19 -05:00
3e327b9df6
reverted to original controller behavior
2012-11-26 11:53:19 -05:00
45ca4e565e
updated to SECOAUTH-1.0.1-BUILD-SNAPSHOT
2012-11-26 11:53:19 -05:00
cf1ddf0457
Determined that init binder was not needed to fix default for Boolean require_auth_time; instead use defaultValue=\"true\" in the RequestParam declaration. Also fixed bug in ClientDetails service so that it will not blow up if the client has no redirect uris registered
2012-11-21 15:39:07 -05:00
2084639828
Working on init binder for ClientDynamicRegistrationEndpoint
2012-11-21 14:54:24 -05:00
8b0c520534
Issue 213, writing init binder to convert null Boolean values to false before calling setters
2012-11-21 14:53:41 -05:00
a2a29e7b76
trying out new confirmation controller
2012-11-21 10:00:35 -05:00
d9b6918bc2
softened error from scope checker -- returns false now, allows things to pass through
2012-11-20 14:08:18 -05:00
9c08944a02
Changed arity on approved sites (now can have many per user/site combo)
2012-11-20 14:07:55 -05:00
fda86e23e9
moved everything to use the consumes/produces framework of Spring 3.1
2012-11-20 13:12:21 -05:00
5b0c17c5de
added in checks to blacklist service upon client registration and update
2012-11-19 14:10:55 -05:00
e9d1ed270d
service layer cleanups
2012-11-19 13:46:09 -05:00
757e21a722
added blacklist API
2012-11-16 11:57:46 -05:00
33f11cb98f
cleanly applied pushstate changes, new URL structure
2012-11-13 13:10:34 -05:00
51073a7f8d
Refactor part 3
2012-09-18 15:01:05 -04:00
ef80676dc1
Cleaned up web package a bit - lots of unused imports and variables
2012-09-18 14:39:07 -04:00
dd2abd94d1
Refactoring part 2
2012-09-18 14:36:27 -04:00
c40efda6b5
Refactor part 1
2012-09-18 14:24:34 -04:00
a9d1799eda
added getter/setter to UIE schema-to-view map
2012-09-11 12:44:47 -04:00
920b2a59ba
Fixed error logging
2012-09-10 17:17:03 -04:00
2d24435365
Created custom resolver, handler mapper
...
moved endpoint back to server
2012-09-10 17:17:03 -04:00
7eb0a6f3d2
Moved JWK to commons
2012-09-10 17:17:03 -04:00
f3c225d8f2
Updated SECOAUTH reference, made required alterations to our configuration
2012-09-07 16:08:15 -04:00
61b828e182
Fixed bug - removed service layer @Transactional annotations, which negated need for flush at repository level; moved @Transactional annotations.
2012-09-04 17:53:02 -04:00
ee7a5fd2e1
added registration URL to discovery endpoint
2012-08-30 17:18:36 -04:00
Trilok Jain