## [17.1.3](https://gitlab.ics.muni.cz/perun/perun-proxyidp/v1/OpenID-Connect-Java-Spring-Server/compare/v17.1.2...v17.1.3) (2024-02-14)
### Bug Fixes
* 🐛 default values for dynreg ([93f2a85](https://gitlab.ics.muni.cz/perun/perun-proxyidp/v1/OpenID-Connect-Java-Spring-Server/commit/93f2a85b46df5419eb20286bc69cb633ec471c47))
* 🐛 remove addit. info. (aud, resource) from token responses ([0e0996d](https://gitlab.ics.muni.cz/perun/perun-proxyidp/v1/OpenID-Connect-Java-Spring-Server/commit/0e0996d228afdb788e66e6fe35b5338db9caac37))
## [17.1.2](https://gitlab.ics.muni.cz/perun/perun-proxyidp/v1/OpenID-Connect-Java-Spring-Server/compare/v17.1.1...v17.1.2) (2024-02-14) ## [17.1.2](https://gitlab.ics.muni.cz/perun/perun-proxyidp/v1/OpenID-Connect-Java-Spring-Server/compare/v17.1.1...v17.1.2) (2024-02-14)
......
...@@ -21,7 +21,7 @@ ...@@ -21,7 +21,7 @@
<parent> <parent>
<groupId>cz.muni.ics</groupId> <groupId>cz.muni.ics</groupId>
<artifactId>perun-oidc-parent</artifactId> <artifactId>perun-oidc-parent</artifactId>
<version>17.1.2</version> <version>17.1.3</version>
<relativePath>../pom.xml</relativePath> <relativePath>../pom.xml</relativePath>
</parent> </parent>
......
...@@ -22,7 +22,7 @@ ...@@ -22,7 +22,7 @@
<parent> <parent>
<groupId>cz.muni.ics</groupId> <groupId>cz.muni.ics</groupId>
<artifactId>perun-oidc-parent</artifactId> <artifactId>perun-oidc-parent</artifactId>
<version>17.1.2</version> <version>17.1.3</version>
<relativePath>../pom.xml</relativePath> <relativePath>../pom.xml</relativePath>
</parent> </parent>
......
...@@ -40,7 +40,7 @@ public class DynamicallyRegisteredRequestBody { ...@@ -40,7 +40,7 @@ public class DynamicallyRegisteredRequestBody {
private String tosUri; private String tosUri;
@JsonAlias("token_endpoint_auth_method") @JsonAlias("token_endpoint_auth_method")
private String tokenEndpointAuthMethod; private String tokenEndpointAuthMethod = "client_secret_basic";
@JsonAlias("scope") @JsonAlias("scope")
private Set<String> scope = new HashSet<>(); private Set<String> scope = new HashSet<>();
...@@ -118,25 +118,25 @@ public class DynamicallyRegisteredRequestBody { ...@@ -118,25 +118,25 @@ public class DynamicallyRegisteredRequestBody {
private Set<String> requestUris = new HashSet<>(); private Set<String> requestUris = new HashSet<>();
@JsonAlias("access_token_validity_seconds") @JsonAlias("access_token_validity_seconds")
private Integer accessTokenValiditySeconds = 0; private Integer accessTokenValiditySeconds = 3600;
@JsonAlias("refresh_token_validity_seconds") @JsonAlias("refresh_token_validity_seconds")
private Integer refreshTokenValiditySeconds = 0; private Integer refreshTokenValiditySeconds = 28800;
@JsonAlias("resources") @JsonAlias("resources")
private Set<String> resource = new HashSet<>(); private Set<String> resource = new HashSet<>();
@JsonAlias("reuse_refresh_token") @JsonAlias("reuse_refresh_token")
private boolean reuseRefreshToken = true; private boolean reuseRefreshToken = false;
@JsonAlias("id_token_validity_seconds") @JsonAlias("id_token_validity_seconds")
private Integer idTokenValiditySeconds; private Integer idTokenValiditySeconds = 3600;
@JsonAlias("clear_access_tokens_on_refresh") @JsonAlias("clear_access_tokens_on_refresh")
private boolean clearAccessTokensOnRefresh = true; private boolean clearAccessTokensOnRefresh = true;
@JsonAlias("device_code_validity_seconds") @JsonAlias("device_code_validity_seconds")
private Integer deviceCodeValiditySeconds = 0; private Integer deviceCodeValiditySeconds = 300;
@JsonAlias("claim_redirect_uris") @JsonAlias("claim_redirect_uris")
private Set<String> claimsRedirectUris = new HashSet<>(); private Set<String> claimsRedirectUris = new HashSet<>();
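Review bot: The new defaults from `tokenEndpointAuthMethod = "client_secret_basic"` through `deviceCodeValiditySeconds = 300` are bare literals with nothing saying where the numbers come from; declare them once as named constants so the registration policy is visible in one place, e.g. `private static final int DEFAULT_ACCESS_TOKEN_VALIDITY_SECONDS = 3600;` and `private static final int DEFAULT_REFRESH_TOKEN_VALIDITY_SECONDS = 28800;`. A field initializer only takes effect when the registration request omits the key; if this body is bound by Jackson (the `@JsonAlias` annotations suggest so), an explicit `null` or `0` in the request still replaces the default on the boxed `Integer` fields, so whatever consumes this body must keep validating the validity values rather than relying on these initializers. Flipping `reuseRefreshToken` to `false` moves newly registered clients to refresh-token rotation, which is a behaviour change worth calling out explicitly rather than as "default values". The class `DynamicallyRegisteredRequestBody` starts and ends outside these hunks.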
......
...@@ -253,6 +253,8 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi ...@@ -253,6 +253,8 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
token.setApprovedSite(ap); token.setApprovedSite(ap);
} }
Set<String> aud = new HashSet<>();
aud.add(client.getClientId());
if (originalAuthRequest.getResourceIds() != null && !originalAuthRequest.getResourceIds().isEmpty()) { if (originalAuthRequest.getResourceIds() != null && !originalAuthRequest.getResourceIds().isEmpty()) {
if (!clientDetailsService.checkResourceIdsAreAllowedForClient( if (!clientDetailsService.checkResourceIdsAreAllowedForClient(
client.getClientId(), originalAuthRequest.getResourceIds()) client.getClientId(), originalAuthRequest.getResourceIds())
...@@ -266,17 +268,15 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi ...@@ -266,17 +268,15 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
resourceIds.add(client.getClientId()); resourceIds.add(client.getClientId());
token.getAdditionalInformation().put(RESOURCE, resourceIds); token.getAdditionalInformation().put(RESOURCE, resourceIds);
} }
aud.addAll(originalAuthRequest.getResourceIds());
} }
token.getAdditionalInformation().put(RESOURCE, aud);
OAuth2AccessTokenEntity enhancedToken = (OAuth2AccessTokenEntity) tokenEnhancer.enhance(token, authentication); OAuth2AccessTokenEntity enhancedToken = (OAuth2AccessTokenEntity) tokenEnhancer.enhance(token, authentication);
// attach a refresh token, if this client is allowed to request them and the user gets the offline scope // attach a refresh token, if this client is allowed to request them and the user gets the offline scope
if (client.isAllowRefresh() && token.getScope().contains(SystemScopeService.OFFLINE_ACCESS)) { if (client.isAllowRefresh() && token.getScope().contains(SystemScopeService.OFFLINE_ACCESS)) {
OAuth2RefreshTokenEntity savedRefreshToken = createRefreshToken( OAuth2RefreshTokenEntity savedRefreshToken = createRefreshToken(client, authHolder, aud);
client,
authHolder,
(Set<String>) token.getAdditionalInformation().getOrDefault(RESOURCE, new HashSet<>())
);
token.setRefreshToken(savedRefreshToken); token.setRefreshToken(savedRefreshToken);
} }
...@@ -306,13 +306,12 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi ...@@ -306,13 +306,12 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
refreshClaims.jwtID(UUID.randomUUID().toString()); refreshClaims.jwtID(UUID.randomUUID().toString());
refreshClaims.issuer(configBean.getIssuer()); refreshClaims.issuer(configBean.getIssuer());
if (resources == null || resources.isEmpty()) { if (resources == null || resources.isEmpty()) {
String audience = client.getClientId(); resources = new HashSet<>();
if (!Strings.isNullOrEmpty(audience)) { }
refreshClaims.audience(Lists.newArrayList(audience)); if (!Strings.isNullOrEmpty(client.getClientId())) {
} resources.add(client.getClientId());
} else {
refreshClaims.audience(new ArrayList<>(resources));
} }
refreshClaims.audience(Lists.newArrayList(resources));
JWTClaimsSet claims = refreshClaims.build(); JWTClaimsSet claims = refreshClaims.build();
...@@ -417,7 +416,9 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi ...@@ -417,7 +416,9 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
token.setExpiration(expiration); token.setExpiration(expiration);
} }
Set<String> resources = new HashSet<>(); Set<String> aud = new HashSet<>();
aud.add(client.getClientId());
if (refreshToken.getJwt() != null) { if (refreshToken.getJwt() != null) {
JWTClaimsSet claimsSet; JWTClaimsSet claimsSet;
try { try {
...@@ -428,21 +429,20 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi ...@@ -428,21 +429,20 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
if (claimsSet != null) { if (claimsSet != null) {
List<String> audience = claimsSet.getAudience(); List<String> audience = claimsSet.getAudience();
if (audience != null && !audience.isEmpty()) { if (audience != null && !audience.isEmpty()) {
resources = new HashSet<>(audience); aud.addAll(audience);
token.getAdditionalInformation().put(AUD, audience.get(0));
if (audience.size() > 1) {
token.getAdditionalInformation().put(RESOURCE, resources);
}
} }
} }
} }
token.getAdditionalInformation().put(AUD, aud);
token.getAdditionalInformation().put(RESOURCE, aud);
if (client.isReuseRefreshToken()) { if (client.isReuseRefreshToken()) {
// if the client re-uses refresh tokens, do that // if the client re-uses refresh tokens, do that
token.setRefreshToken(refreshToken); token.setRefreshToken(refreshToken);
} else { } else {
// otherwise, make a new refresh token // otherwise, make a new refresh token
OAuth2RefreshTokenEntity newRefresh = createRefreshToken(client, authHolder, resources); OAuth2RefreshTokenEntity newRefresh = createRefreshToken(client, authHolder, aud);
token.setRefreshToken(newRefresh); token.setRefreshToken(newRefresh);
// clean up the old refresh token // clean up the old refresh token
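Review bot: `token.getAdditionalInformation().put(AUD, aud)` in the refresh path stores a `Set<String>` under a key that the removed `put(AUD, audience.get(0))` populated with a `String`; any consumer that still reads AUD from additional information with a `String` cast will now fail with a `ClassCastException`, and since the enhancer change in this compare strips only RESOURCE, AUD appears to remain in the token response unless it is removed somewhere outside these hunks. In the access-token hunk the surviving inner `token.getAdditionalInformation().put(RESOURCE, resourceIds)` is now unconditionally overwritten by `token.getAdditionalInformation().put(RESOURCE, aud)` a few lines later, so one of the two should go. In `createRefreshToken` the new `resources.add(client.getClientId())` mutates the caller's set in place (the same `aud` object the refresh path has already stored in additional information) and would throw `UnsupportedOperationException` for a non-empty unmodifiable set; copy first with `Set<String> audience = resources == null ? new HashSet<>() : new HashSet<>(resources);` and build the claim from the copy. All three enclosing methods start and end outside the hunks.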
......
...@@ -33,11 +33,11 @@ import java.util.Set; ...@@ -33,11 +33,11 @@ import java.util.Set;
import java.util.UUID; import java.util.UUID;
import static cz.muni.ics.oauth2.service.IntrospectionResultAssembler.ACR; import static cz.muni.ics.oauth2.service.IntrospectionResultAssembler.ACR;
import static cz.muni.ics.oauth2.service.IntrospectionResultAssembler.AUD;
import static cz.muni.ics.oauth2.service.IntrospectionResultAssembler.AUTH_TIME; import static cz.muni.ics.oauth2.service.IntrospectionResultAssembler.AUTH_TIME;
import static cz.muni.ics.oauth2.service.IntrospectionResultAssembler.CLIENT_ID; import static cz.muni.ics.oauth2.service.IntrospectionResultAssembler.CLIENT_ID;
import static cz.muni.ics.oauth2.service.IntrospectionResultAssembler.SCOPE; import static cz.muni.ics.oauth2.service.IntrospectionResultAssembler.SCOPE;
import static cz.muni.ics.oauth2.service.IntrospectionResultAssembler.SCOPE_SEPARATOR; import static cz.muni.ics.oauth2.service.IntrospectionResultAssembler.SCOPE_SEPARATOR;
import static cz.muni.ics.openid.connect.request.ConnectRequestParameters.AUD;
import static cz.muni.ics.openid.connect.request.ConnectRequestParameters.RESOURCE; import static cz.muni.ics.openid.connect.request.ConnectRequestParameters.RESOURCE;
/** /**
...@@ -104,7 +104,9 @@ public class PerunAccessTokenEnhancer implements TokenEnhancer { ...@@ -104,7 +104,9 @@ public class PerunAccessTokenEnhancer implements TokenEnhancer {
audience.add(client.getClientId()); audience.add(client.getClientId());
if (token.getAdditionalInformation().containsKey(RESOURCE)) { if (token.getAdditionalInformation().containsKey(RESOURCE)) {
audience.addAll((Set<String>) token.getAdditionalInformation().getOrDefault(RESOURCE, new HashSet<>())); audience.addAll((Set<String>) token.getAdditionalInformation().getOrDefault(RESOURCE, new HashSet<>()));
token.getAdditionalInformation().remove(RESOURCE);
} }
String audExtension = (String) authentication.getOAuth2Request().getExtensions().getOrDefault(AUD, null); String audExtension = (String) authentication.getOAuth2Request().getExtensions().getOrDefault(AUD, null);
if (StringUtils.hasText(audExtension)) { if (StringUtils.hasText(audExtension)) {
audience.add(audExtension); audience.add(audExtension);
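Review bot: The new `token.getAdditionalInformation().remove(RESOURCE)` sits inside an `if (containsKey(RESOURCE))` that also reads the same key with `getOrDefault(RESOURCE, new HashSet<>())`, so the block performs three lookups where one suffices: `audience.addAll((Set<String>) token.getAdditionalInformation().remove(RESOURCE));` inside the existing `containsKey` guard reads and strips the entry in a single call with the same null behaviour. The commit message says both aud and resource are removed from token responses, but this hunk strips only RESOURCE; if AUD is also written into additional information by the token service (as the refresh path in this compare does), it presumably needs the same treatment here unless that happens outside the hunk. The enclosing method of `PerunAccessTokenEnhancer` starts and ends outside the hunk.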
......
...@@ -3,7 +3,7 @@ ...@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion> <modelVersion>4.0.0</modelVersion>
<groupId>cz.muni.ics</groupId> <groupId>cz.muni.ics</groupId>
<artifactId>perun-oidc-parent</artifactId> <artifactId>perun-oidc-parent</artifactId>
<version>17.1.2</version> <version>17.1.3</version>
<packaging>pom</packaging> <packaging>pom</packaging>
<modules> <modules>
......