OAuth2Authentication#getPrincipal() used by OAuth2Authentication#getName() defaults to the client id if user authentication is not available. Prior to this fix, an introspection of a client-only access token would result in the user_id also being the client_id. This causes problems when this introspection result is converted into an OAuth2Authentication by a resource server's IntrospectingTokenService -- the user_id is populated with the client_id and so OAuth2Authentication's userAuthentication is populated falsely.
README.md
MITREid Connect
This project contains a certified OpenID Connect reference implementation in Java on the Spring platform, including a functioning server library, deployable server package, client (RP) library, and general utility libraries. The server can be used as an OpenID Connect Identity Provider as well as a general-purpose OAuth 2.0 Authorization Server.
More information about the project can be found:
- The project homepage on GitHub (with related projects)
- Full documentation
- Documentation for the Maven project and Java API
- Issue tracker (for bug reports and support requests)
- The mailing list for the project can be found at
mitreid-connect@mit.edu, with archives available online.
The authors and key contributors of the project include:
- Justin Richer
- Amanda Anganes
- Michael Jett
- Michael Walsh
- Steve Moore
- Mike Derryberry
- William Kim
- Mark Janssen
Copyright ©2016, The MITRE Corporation
and the MIT Internet Trust Consortium. Licensed under the Apache 2.0 license, for details see LICENSE.txt.
