From f556c0bad782fb4641eac7a0cc1cf98c80fc168c Mon Sep 17 00:00:00 2001
From: Justin Richer <jricher@mitre.org>
Date: Mon, 15 Jul 2013 06:32:16 -0700
Subject: [PATCH] Updated Client configuration (markdown)

---
 Client-configuration.md | 82 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 82 insertions(+)

diff --git a/Client-configuration.md b/Client-configuration.md
index 1296a55..d95a3d5 100644
--- a/Client-configuration.md
+++ b/Client-configuration.md
@@ -191,6 +191,28 @@ Dynamically discovers server information for an issuer based on the [OpenID Conn
 
 Server information is stored in an in-memory cache after discovery.
 
+### Hybrid Server Configuration
+
+Combines a static configuration service with a dynamically discovered one in one bean. Checks the static configuration first, then performs dynamic discovery. The `servers` property passes through to the static configuration service.
+
+```
+			<bean class="org.mitre.openid.connect.client.service.impl.HybridServerConfigurationService">
+				<property name="servers">
+					<map>
+						<entry key="${idp.url}">
+							<bean class="org.mitre.openid.connect.config.ServerConfiguration">
+								<property name="issuer" value="${idp.url}" />
+								<property name="authorizationEndpointUri"	value="${idp.url}authorize" />
+								<property name="tokenEndpointUri"	value="${idp.url}token" />
+								<property name="userInfoUri" value="${idp.url}userinfo" />
+								<property name="jwksUri" value="${idp.url}jwk" />
+							</bean>
+						</entry>
+					</map>
+				</property>
+			</bean>
+```
+
 ## Client Configuration
 
 The client must know certain things like its `client_id` and `client_secret` in order to request tokens. These are likely to vary from issuer to issuer, so the client configuration objects are indexed by the server configuration object in this service.
@@ -272,6 +294,66 @@ This service has a `registeredClientService` property which optionally allows fo
 
 It would be greatly preferable for a client to have its own implementation of the `RegisteredClientService` interface to store the client registration information in a secure location, such a the client application's database store.
 
+### Hybrid Client Configuration
+
+Combines a static client configuration service with a dynamically registered one. Checks the static configuration first, and if that fails, invokes the dynamic registration process. The `clients` property passes through to the static service and the `template` and `registeredClientService` properties pass through to the dynamic service underneath.
+
+```
+	<bean class="org.mitre.openid.connect.client.service.impl.StaticClientConfigurationService">
+		<property name="clients">
+			<map>
+				<entry key="${idp.url}">
+					<bean class="org.mitre.oauth2.model.RegisteredClient">
+						<property name="clientId" value="client" />
+						<property name="clientSecret" value="secret" />
+						<property name="scope">
+							<set value-type="java.lang.String">
+								<value>openid</value>
+								<value>email</value>
+								<value>address</value>
+								<value>profile</value>
+								<value>phone</value>
+							</set>
+						</property>
+						<property name="tokenEndpointAuthMethod" value="SECRET_BASIC" />
+						<property name="redirectUris">
+							<set>
+								<value>http://localhost:8080/simple-web-app/openid_connect_login</value>
+							</set>
+						</property>
+					</bean>
+				</entry>
+			</map>
+  </property>
+				<property name="template">
+					<bean class="org.mitre.oauth2.model.RegisteredClient">
+						<property name="clientName" value="Simple Web App" />
+						<property name="scope">
+							<set value-type="java.lang.String">
+								<value>openid</value>
+								<value>email</value>
+								<value>address</value>
+								<value>profile</value>
+								<value>phone</value>
+							</set>
+						</property>
+						<property name="tokenEndpointAuthMethod" value="SECRET_BASIC" />
+						<property name="redirectUris">
+							<set>
+								<value>http://localhost:8080/simple-web-app/openid_connect_login</value>
+							</set>
+						</property>
+					</bean>
+ 				</property>
+<property name="registeredClientService">
+	<bean class="org.mitre.openid.connect.client.service.impl.JsonFileRegisteredClientService">
+		<constructor-arg name="filename" value="/tmp/swa-clients.json" />
+	</bean>
+</property>
+</bean>
+```
+
+
 ## Authorization Request URL Builder
 
 ### Plain Authorization Request