Commit 4cff2d1a authored by Dominik František Bučík's avatar Dominik František Bučík

chore: merge branch 'fix_dynreg' into 'main'

fix: :bug: parsing body in dynreg, JSON keys need to be in snake_case

See merge request perun-proxy-aai/java/OpenID-Connect-Java-Spring-Server!368
parents e6dd13ca 9fe3b3bd
1 merge request!368fix: 🐛 parsing body in dynreg, JSON keys need to be in snakecas
Pipeline #383145 passed with warnings
......@@ -423,4 +423,32 @@ public class ClientDetailsEntity implements ClientDetails {
}
}
public void setAccessTokenValiditySeconds(Integer accessTokenValiditySeconds) {
if (accessTokenValiditySeconds == null || accessTokenValiditySeconds < 0 ) {
return;
}
this.accessTokenValiditySeconds = accessTokenValiditySeconds;
}
public void setRefreshTokenValiditySeconds(Integer refreshTokenValiditySeconds) {
if (refreshTokenValiditySeconds == null || refreshTokenValiditySeconds < 0 ) {
return;
}
this.refreshTokenValiditySeconds = refreshTokenValiditySeconds;
}
public void setIdTokenValiditySeconds(Integer idTokenValiditySeconds) {
if (idTokenValiditySeconds == null || idTokenValiditySeconds < 0 ) {
return;
}
this.idTokenValiditySeconds = idTokenValiditySeconds;
}
public void setDeviceCodeValiditySeconds(Integer deviceCodeValiditySeconds) {
if (deviceCodeValiditySeconds == null || deviceCodeValiditySeconds < 0 ) {
return;
}
this.deviceCodeValiditySeconds = deviceCodeValiditySeconds;
}
}
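Review bot: The four new validity setters drop a null or negative argument without any signal, so a caller cannot tell that its value was ignored and the field kept its previous setting; each setter should say so in Javadoc, e.g. `/** Ignores null or negative values and keeps the current setting. */`. They also accept 0 and any large positive number, and the registration service passes request-supplied values straight in (`client.setDeviceCodeValiditySeconds(requestedRegistration.getDeviceCodeValiditySeconds())`), so a self-registering client appears able to choose its own token lifetimes. Whether 0 is treated as "no expiry" elsewhere in the server is not visible here and should be confirmed. An upper bound taken from server configuration would be better enforced in the service before these setters are called.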
package cz.muni.ics.oauth2.model;
import com.fasterxml.jackson.annotation.JsonAlias;
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import lombok.AllArgsConstructor;
import lombok.EqualsAndHashCode;
import lombok.Getter;
......@@ -16,90 +18,133 @@ import java.util.Set;
@EqualsAndHashCode
@NoArgsConstructor
@AllArgsConstructor
@JsonIgnoreProperties(ignoreUnknown = true)
public class DynamicallyRegisteredRequestBody {
@JsonAlias("client_name")
private String clientName;
@JsonAlias("client_description")
private String clientDescription;
@JsonAlias("redirect_uris")
private Set<String> redirectUris = new HashSet<>();
@JsonAlias("client_uri")
private String clientUri;
@JsonAlias("contacts")
private Set<String> contacts = new HashSet<>();
@JsonAlias("tos_uri")
private String tosUri;
@JsonAlias("token_endpoint_auth_method")
private String tokenEndpointAuthMethod;
@JsonAlias("scope")
private Set<String> scope = new HashSet<>();
@JsonAlias("grant_types")
private Set<String> grantTypes = new HashSet<>();
@JsonAlias("response_types")
private Set<String> responseTypes = new HashSet<>();
@JsonAlias("policy_uri")
private String policyUri;
@JsonAlias("jwks_uri")
private String jwksUri;
@JsonAlias("jwks")
private String jwks;
@JsonAlias("software_id")
private String softwareId;
@JsonAlias("software_version")
private String softwareVersion;
@JsonAlias("application_type")
private String applicationType;
@JsonAlias("sector_identifier_uri")
private String sectorIdentifierUri;
@JsonAlias("subject_type")
private String subjectType;
@JsonAlias("request_object_signing_alg")
private String requestObjectSigningAlg = null;
@JsonAlias("userinfo_signed_response_alg")
private String userInfoSignedResponseAlg = null;
@JsonAlias("userinfo_encrypted_response_alg")
private String userInfoEncryptedResponseAlg = null;
@JsonAlias("userinfo_encrypted_response_enc")
private String userInfoEncryptedResponseEnc = null;
@JsonAlias("id_token_signed_response_alg")
private String idTokenSignedResponseAlg = null;
@JsonAlias("id_token_encrypted_response_alg")
private String idTokenEncryptedResponseAlg = null;
@JsonAlias("id_token_encrypted_response_enc")
private String idTokenEncryptedResponseEnc = null;
@JsonAlias("token_endpoint_auth_signing_alg")
private String tokenEndpointAuthSigningAlg = null;
@JsonAlias("default_max_age")
private Integer defaultMaxAge;
@JsonAlias("require_auth_time")
private Boolean requireAuthTime;
@JsonAlias("default_acr_values")
private Set<String> defaultACRvalues;
@JsonAlias("initiate_login_uri")
private String initiateLoginUri;
@JsonAlias("post_logout_redirect_uris")
private Set<String> postLogoutRedirectUris = new HashSet<>();
@JsonAlias("request_uris")
private Set<String> requestUris = new HashSet<>();
@JsonAlias("access_token_validity_seconds")
private Integer accessTokenValiditySeconds = 0;
@JsonAlias("refresh_token_validity_seconds")
private Integer refreshTokenValiditySeconds = 0;
@JsonAlias("resources")
private Set<String> resourceIds = new HashSet<>();
@JsonAlias("reuse_refresh_token")
private boolean reuseRefreshToken = true;
@JsonAlias("id_token_validity_seconds")
private Integer idTokenValiditySeconds;
@JsonAlias("clear_access_tokens_on_refresh")
private boolean clearAccessTokensOnRefresh = true;
@JsonAlias("device_code_validity_seconds")
private Integer deviceCodeValiditySeconds = 0;
@JsonAlias("claim_redirect_uris")
private Set<String> claimsRedirectUris = new HashSet<>();
@JsonAlias("software_statement")
private String softwareStatement;
@JsonAlias("code_challenge_method")
private String codeChallengeMethod;
}
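Review bot: The alias on `claimsRedirectUris` is `claim_redirect_uris` (singular), while the field name and, as far as I know, the registered UMA parameter are `claims_redirect_uris`; this looks like a typo and should read `@JsonAlias("claims_redirect_uris")`. Because the class carries `@JsonIgnoreProperties(ignoreUnknown = true)`, a request using the other spelling is not rejected: the key is dropped and the set stays empty, so any mistake in this alias list fails silently. `@JsonAlias` only adds accepted names for deserialization, so the camelCase property names are presumably still accepted as well; if only snake_case is intended, `@JsonProperty` would pin that. The same check against the registration spec is worth doing for `resources` on `resourceIds`.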
......@@ -25,6 +25,7 @@ import org.springframework.stereotype.Service;
import org.springframework.util.StringUtils;
import java.text.ParseException;
import java.util.HashSet;
import java.util.Set;
import java.util.UUID;
......@@ -125,8 +126,11 @@ public class DynamicClientRegistrationServiceImpl implements DynamicClientRegist
if (!AuthMethod.isSupported(tokenEndpointAuthMethod)) {
throw new InvalidRequestException("Unsupported token endpoint auth method: " + tokenEndpointAuthMethod);
}
Set<String> scope = clientRequest.getScope();
if (scope != null && !scope.isEmpty()) {
if (scope == null) {
clientRequest.setScope(new HashSet<>());
} else if (!scope.isEmpty()) {
Set<SystemScope> allScopes = scopeService.getAll();
for (String scopeStr: scope) {
if (!allScopes.contains(scopeService.fromString(scopeStr))) {
......@@ -144,23 +148,44 @@ public class DynamicClientRegistrationServiceImpl implements DynamicClientRegist
"refresh_token",
"urn:ietf:params:oauth:grant-type:token-exchange",
"urn:ietf:params:oauth:grant-type:device_code");
if (grants != null && !grants.isEmpty()) {
if (grants == null) {
clientRequest.setGrantTypes(new HashSet<>());
grants = clientRequest.getGrantTypes();
} else if (!grants.isEmpty()) {
for (String grant : grants) {
if (!supportedGrants.contains(grant)) {
throw new InvalidRequestException("Unsupported grant type requested: " + grant);
}
}
}
//TODO: check grants are supported by injecting the configuration of supported response types
Set<String> responseTypes = clientRequest.getResponseTypes();
Set<String> supportedResponseTypes = Set.of("code", "token id_token");
if (responseTypes != null && !responseTypes.isEmpty()) {
Set<String> supportedResponseTypes = Set.of("code", "token id_token", "id_token token");
if (responseTypes == null) {
clientRequest.setResponseTypes(new HashSet<>());
responseTypes = clientRequest.getResponseTypes();
} else if (!responseTypes.isEmpty()) {
for (String responseType : responseTypes) {
if (!supportedResponseTypes.contains(responseType)) {
throw new InvalidRequestException("Unsupported response type requested: " + responseType);
}
}
}
if (grants.contains("authorization_code") && (!responseTypes.contains("code"))) {
throw new InvalidRequestException("Grant 'authorization_code' requires response type 'code'");
}
if (grants.contains("implicit")
&& !responseTypes.contains("token")
&& !responseTypes.contains("token id_token")
&& !responseTypes.contains("id_token token")
) {
throw new InvalidRequestException("Grant 'implicit' requires response type 'token id_token' or 'id_token'");
}
if (!grants.contains("authorization_code") && !grants.contains("implicit") && !responseTypes.isEmpty()) {
throw new InvalidRequestException("Requested grant types do not match with response types (should be empty)");
}
if (StringUtils.hasText(clientRequest.getJwks())) {
try {
JWKSet.parse(clientRequest.getJwks());
......@@ -322,6 +347,7 @@ public class DynamicClientRegistrationServiceImpl implements DynamicClientRegist
client.setClearAccessTokensOnRefresh(requestedRegistration.isClearAccessTokensOnRefresh());
client.setDeviceCodeValiditySeconds(requestedRegistration.getDeviceCodeValiditySeconds());
client.setClaimsRedirectUris(requestedRegistration.getClaimsRedirectUris());
if (StringUtils.hasText(requestedRegistration.getSoftwareStatement())) {
client.setSoftwareStatement(JWTParser.parse(requestedRegistration.getSoftwareStatement()));
}
......@@ -329,6 +355,7 @@ public class DynamicClientRegistrationServiceImpl implements DynamicClientRegist
if (StringUtils.hasText(requestedRegistration.getCodeChallengeMethod())) {
client.setCodeChallengeMethod(PKCEAlgorithm.getByAlgorithmName(requestedRegistration.getCodeChallengeMethod()));
}
client.setDynamicallyRegistered(true);
client.setAcceptedTos(tokenClient.isAcceptedTos());
client.setJurisdiction(tokenClient.getJurisdiction());
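Review bot: In the grant/response-type hunk the `implicit` check tests `responseTypes.contains("token")`, but `supportedResponseTypes` is `Set.of("code", "token id_token", "id_token token")`, so a bare `token` has already been rejected by the loop above and that test is always false when it is reached. The error text names `'token id_token' or 'id_token'`, which matches neither the condition nor the supported set; suggest `"Grant 'implicit' requires response type 'token id_token' or 'id_token token'"` and dropping the `token` clause, or adding `token` to the supported set if it is meant to be allowed. The cross-checks also run in one direction only: a request with grant `implicit` alone and response types `code` and `token id_token` passes all three conditions, so a check that `code` requires the `authorization_code` grant would close that gap. The enclosing method starts and ends outside the visible hunks.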
......