Compare revisions

Dominik Frantisek Bucik · Dominik František Bučík · semantic-release-bot · 047373bc · 047373bc · 047373bc
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
+## [17.0.5](https://gitlab.ics.muni.cz/perun-proxy-aai/java/OpenID-Connect-Java-Spring-Server/compare/v17.0.4...v17.0.5) (2024-01-23)
+
+
+### Bug Fixes
+
+* 🐛 parsing body in dynreg, JSON keys need to be in snakecas ([9fe3b3b](https://gitlab.ics.muni.cz/perun-proxy-aai/java/OpenID-Connect-Java-Spring-Server/commit/9fe3b3bd9472827fdd9c80d8168da3945a40583d))
+
 ## [17.0.4](https://gitlab.ics.muni.cz/perun-proxy-aai/java/OpenID-Connect-Java-Spring-Server/compare/v17.0.3...v17.0.4) (2024-01-22)



--- a/perun-oidc-server-webapp/pom.xml
+++ b/perun-oidc-server-webapp/pom.xml
@@ -21,7 +21,7 @@
 	<parent>
 		<groupId>cz.muni.ics</groupId>
 		<artifactId>perun-oidc-parent</artifactId>
-		<version>17.0.4</version>
+		<version>17.0.5</version>
 		<relativePath>../pom.xml</relativePath>
 	</parent>


--- a/perun-oidc-server/pom.xml
+++ b/perun-oidc-server/pom.xml
@@ -22,7 +22,7 @@
 	<parent>
 		<groupId>cz.muni.ics</groupId>
 		<artifactId>perun-oidc-parent</artifactId>
-		<version>17.0.4</version>
+		<version>17.0.5</version>
 		<relativePath>../pom.xml</relativePath>
 	</parent>


--- a/perun-oidc-server/src/main/java/cz/muni/ics/oauth2/model/ClientDetailsEntity.java
+++ b/perun-oidc-server/src/main/java/cz/muni/ics/oauth2/model/ClientDetailsEntity.java
@@ -423,4 +423,32 @@ public class ClientDetailsEntity implements ClientDetails {
 		}
 	}

+	public void setAccessTokenValiditySeconds(Integer accessTokenValiditySeconds) {
+		if (accessTokenValiditySeconds == null || accessTokenValiditySeconds < 0 ) {
+			return;
+		}
+		this.accessTokenValiditySeconds = accessTokenValiditySeconds;
+	}
+
+	public void setRefreshTokenValiditySeconds(Integer refreshTokenValiditySeconds) {
+		if (refreshTokenValiditySeconds == null || refreshTokenValiditySeconds < 0 ) {
+			return;
+		}
+		this.refreshTokenValiditySeconds = refreshTokenValiditySeconds;
+	}
+
+	public void setIdTokenValiditySeconds(Integer idTokenValiditySeconds) {
+		if (idTokenValiditySeconds == null || idTokenValiditySeconds < 0 ) {
+			return;
+		}
+		this.idTokenValiditySeconds = idTokenValiditySeconds;
+	}
+
+	public void setDeviceCodeValiditySeconds(Integer deviceCodeValiditySeconds) {
+		if (deviceCodeValiditySeconds == null || deviceCodeValiditySeconds < 0 ) {
+			return;
+		}
+		this.deviceCodeValiditySeconds = deviceCodeValiditySeconds;
+	}
+
 }
--- a/perun-oidc-server/src/main/java/cz/muni/ics/oauth2/model/DynamicallyRegisteredRequestBody.java
+++ b/perun-oidc-server/src/main/java/cz/muni/ics/oauth2/model/DynamicallyRegisteredRequestBody.java
 package cz.muni.ics.oauth2.model;

+import com.fasterxml.jackson.annotation.JsonAlias;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import lombok.AllArgsConstructor;
 import lombok.EqualsAndHashCode;
 import lombok.Getter;
@@ -16,90 +18,133 @@ import java.util.Set;
 @EqualsAndHashCode
 @NoArgsConstructor
 @AllArgsConstructor
+@JsonIgnoreProperties(ignoreUnknown = true)
 public class DynamicallyRegisteredRequestBody {

+    @JsonAlias("client_name")
    private String clientName;

+    @JsonAlias("client_description")
    private String clientDescription;

+    @JsonAlias("redirect_uris")
    private Set<String> redirectUris = new HashSet<>();

+    @JsonAlias("client_uri")
    private String clientUri;

+    @JsonAlias("contacts")
    private Set<String> contacts = new HashSet<>();

+    @JsonAlias("tos_uri")
    private String tosUri;

+    @JsonAlias("token_endpoint_auth_method")
    private String tokenEndpointAuthMethod;

+    @JsonAlias("scope")
    private Set<String> scope = new HashSet<>();

+    @JsonAlias("grant_types")
    private Set<String> grantTypes = new HashSet<>();

+    @JsonAlias("response_types")
    private Set<String> responseTypes = new HashSet<>();

+    @JsonAlias("policy_uri")
    private String policyUri;

+    @JsonAlias("jwks_uri")
    private String jwksUri;

+    @JsonAlias("jwks")
    private String jwks;

+    @JsonAlias("software_id")
    private String softwareId;

+    @JsonAlias("software_version")
    private String softwareVersion;

+    @JsonAlias("application_type")
    private String applicationType;

+    @JsonAlias("sector_identifier_uri")
    private String sectorIdentifierUri;

+    @JsonAlias("subject_type")
    private String subjectType;

+    @JsonAlias("request_object_signing_alg")
    private String requestObjectSigningAlg = null;

+    @JsonAlias("userinfo_signed_response_alg")
    private String userInfoSignedResponseAlg = null;

+    @JsonAlias("userinfo_encrypted_response_alg")
    private String userInfoEncryptedResponseAlg = null;

+    @JsonAlias("userinfo_encrypted_response_enc")
    private String userInfoEncryptedResponseEnc = null;

+    @JsonAlias("id_token_signed_response_alg")
    private String idTokenSignedResponseAlg = null;

+    @JsonAlias("id_token_encrypted_response_alg")
    private String idTokenEncryptedResponseAlg = null;

+    @JsonAlias("id_token_encrypted_response_enc")
    private String idTokenEncryptedResponseEnc = null;

+    @JsonAlias("token_endpoint_auth_signing_alg")
    private String tokenEndpointAuthSigningAlg = null;

+    @JsonAlias("default_max_age")
    private Integer defaultMaxAge;

+    @JsonAlias("require_auth_time")
    private Boolean requireAuthTime;

+    @JsonAlias("default_acr_values")
    private Set<String> defaultACRvalues;

+    @JsonAlias("initiate_login_uri")
    private String initiateLoginUri;

+    @JsonAlias("post_logout_redirect_uris")
    private Set<String> postLogoutRedirectUris = new HashSet<>();

+    @JsonAlias("request_uris")
    private Set<String> requestUris = new HashSet<>();

+    @JsonAlias("access_token_validity_seconds")
    private Integer accessTokenValiditySeconds = 0;

+    @JsonAlias("refresh_token_validity_seconds")
    private Integer refreshTokenValiditySeconds = 0;

+    @JsonAlias("resources")
    private Set<String> resourceIds = new HashSet<>();

+    @JsonAlias("reuse_refresh_token")
    private boolean reuseRefreshToken = true;

+    @JsonAlias("id_token_validity_seconds")
    private Integer idTokenValiditySeconds;

+    @JsonAlias("clear_access_tokens_on_refresh")
    private boolean clearAccessTokensOnRefresh = true;

+    @JsonAlias("device_code_validity_seconds")
    private Integer deviceCodeValiditySeconds = 0;

+    @JsonAlias("claim_redirect_uris")
    private Set<String> claimsRedirectUris = new HashSet<>();

+    @JsonAlias("software_statement")
    private String softwareStatement;

+    @JsonAlias("code_challenge_method")
    private String codeChallengeMethod;

 }
--- a/perun-oidc-server/src/main/java/cz/muni/ics/oauth2/service/impl/DynamicClientRegistrationServiceImpl.java
+++ b/perun-oidc-server/src/main/java/cz/muni/ics/oauth2/service/impl/DynamicClientRegistrationServiceImpl.java
@@ -25,6 +25,7 @@ import org.springframework.stereotype.Service;
 import org.springframework.util.StringUtils;

 import java.text.ParseException;
+import java.util.HashSet;
 import java.util.Set;
 import java.util.UUID;

@@ -125,8 +126,11 @@ public class DynamicClientRegistrationServiceImpl implements DynamicClientRegist
        if (!AuthMethod.isSupported(tokenEndpointAuthMethod)) {
            throw new InvalidRequestException("Unsupported token endpoint auth method: " + tokenEndpointAuthMethod);
        }
+
        Set<String> scope = clientRequest.getScope();
-        if (scope != null && !scope.isEmpty()) {
+        if (scope == null) {
+            clientRequest.setScope(new HashSet<>());
+        } else if (!scope.isEmpty()) {
            Set<SystemScope> allScopes = scopeService.getAll();
            for (String scopeStr: scope) {
                if (!allScopes.contains(scopeService.fromString(scopeStr))) {
@@ -144,23 +148,44 @@ public class DynamicClientRegistrationServiceImpl implements DynamicClientRegist
                "refresh_token",
                "urn:ietf:params:oauth:grant-type:token-exchange",
                "urn:ietf:params:oauth:grant-type:device_code");
-        if (grants != null && !grants.isEmpty()) {
+        if (grants == null) {
+            clientRequest.setGrantTypes(new HashSet<>());
+            grants = clientRequest.getGrantTypes();
+        } else if (!grants.isEmpty()) {
            for (String grant : grants) {
                if (!supportedGrants.contains(grant)) {
                    throw new InvalidRequestException("Unsupported grant type requested: " + grant);
                }
            }
        }
+
        //TODO: check grants are supported by injecting the configuration of supported response types
        Set<String> responseTypes = clientRequest.getResponseTypes();
-        Set<String> supportedResponseTypes = Set.of("code", "token id_token");
-        if (responseTypes != null && !responseTypes.isEmpty()) {
+        Set<String> supportedResponseTypes = Set.of("code", "token id_token", "id_token token");
+        if (responseTypes == null) {
+            clientRequest.setResponseTypes(new HashSet<>());
+            responseTypes = clientRequest.getResponseTypes();
+        } else if (!responseTypes.isEmpty()) {
            for (String responseType : responseTypes) {
                if (!supportedResponseTypes.contains(responseType)) {
                    throw new InvalidRequestException("Unsupported response type requested: " + responseType);
                }
            }
        }
+
+        if (grants.contains("authorization_code") && (!responseTypes.contains("code"))) {
+            throw new InvalidRequestException("Grant 'authorization_code' requires response type 'code'");
+        }
+        if (grants.contains("implicit")
+                && !responseTypes.contains("token")
+                && !responseTypes.contains("token id_token")
+                && !responseTypes.contains("id_token token")
+        ) {
+            throw new InvalidRequestException("Grant 'implicit' requires response type 'token id_token' or 'id_token'");
+        }
+        if (!grants.contains("authorization_code") && !grants.contains("implicit") && !responseTypes.isEmpty()) {
+            throw new InvalidRequestException("Requested grant types do not match with response types (should be empty)");
+        }
        if (StringUtils.hasText(clientRequest.getJwks())) {
            try {
                JWKSet.parse(clientRequest.getJwks());
@@ -322,6 +347,7 @@ public class DynamicClientRegistrationServiceImpl implements DynamicClientRegist
        client.setClearAccessTokensOnRefresh(requestedRegistration.isClearAccessTokensOnRefresh());
        client.setDeviceCodeValiditySeconds(requestedRegistration.getDeviceCodeValiditySeconds());
        client.setClaimsRedirectUris(requestedRegistration.getClaimsRedirectUris());
+
        if (StringUtils.hasText(requestedRegistration.getSoftwareStatement())) {
            client.setSoftwareStatement(JWTParser.parse(requestedRegistration.getSoftwareStatement()));
        }
@@ -329,6 +355,7 @@ public class DynamicClientRegistrationServiceImpl implements DynamicClientRegist
        if (StringUtils.hasText(requestedRegistration.getCodeChallengeMethod())) {
            client.setCodeChallengeMethod(PKCEAlgorithm.getByAlgorithmName(requestedRegistration.getCodeChallengeMethod()));
        }
+
        client.setDynamicallyRegistered(true);
        client.setAcceptedTos(tokenClient.isAcceptedTos());
        client.setJurisdiction(tokenClient.getJurisdiction());

--- a/pom.xml
+++ b/pom.xml
@@ -3,7 +3,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>cz.muni.ics</groupId>
 	<artifactId>perun-oidc-parent</artifactId>
-	<version>17.0.4</version>
+	<version>17.0.5</version>
 	<packaging>pom</packaging>

 	<modules>
No results found