OAuth2Authentication#getPrincipal() used by OAuth2Authentication#getName() defaults to the client id if user authentication is not available. Prior to this fix, an introspection of a client-only access token would result in the user_id also being the client_id. This causes problems when this introspection result is converted into an OAuth2Authentication by a resource server's IntrospectingTokenService -- the user_id is populated with the client_id and so OAuth2Authentication's userAuthentication is populated falsely.
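The behaviour described in the commit message, as an added example that is not the project's own code: a hypothetical introspection-response builder on Spring Security OAuth2's OAuth2Authentication (the class MITREid Connect uses) that emits user_id only when a user actually authenticated, so a client-credentials token is not reported as belonging to a user named after the client.

```java
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;

import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.OAuth2Request;

public class IntrospectionUserIdExample {

    // Hypothetical helper (not MITREid Connect's code) that builds the
    // subject-related part of an introspection response.
    static Map<String, Object> buildIntrospectionResult(OAuth2Authentication auth) {
        Map<String, Object> result = new LinkedHashMap<>();
        result.put("active", true);
        result.put("client_id", auth.getOAuth2Request().getClientId());
        // For a client-only token, auth.getName() falls back to the client id.
        // Reporting that as user_id would make a resource server's
        // IntrospectingTokenService fabricate a userAuthentication, so the
        // key is emitted only when a real user authentication is present.
        if (!auth.isClientOnly()) {
            result.put("user_id", auth.getUserAuthentication().getName());
        }
        return result;
    }

    // Minimal stored request for a constructed sample client id.
    static OAuth2Request clientRequest(String clientId) {
        return new OAuth2Request(Collections.<String, String>emptyMap(), clientId,
                Collections.emptyList(), true, Collections.singleton("read"),
                Collections.emptySet(), null, Collections.emptySet(),
                Collections.emptyMap());
    }

    public static void main(String[] args) {
        // Constructed sample: client-credentials token, no user authentication.
        OAuth2Authentication clientOnly =
                new OAuth2Authentication(clientRequest("client-abc"), null);
        // Constructed sample: token issued on behalf of user "alice".
        OAuth2Authentication userToken = new OAuth2Authentication(
                clientRequest("client-abc"),
                new UsernamePasswordAuthenticationToken("alice", "n/a", Collections.emptyList()));

        System.out.println(buildIntrospectionResult(clientOnly));
        System.out.println(buildIntrospectionResult(userToken));
    }
}
```

A resource server applying the same rule on the consuming side should treat a missing user_id as a client-only token rather than falling back to client_id for the principal.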