From serg...@apache.org
Subject cxf git commit: Reflecting that the hybrid is a combination of authorization_code and implicit flows as per the dynreg spec, etc
Date Tue, 20 Dec 2016 15:23:08 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 713050c92 -> e1d841c6b


Reflecting that the hybrid is a combination of authorization_code and implicit flows as per
the dynreg spec, etc


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e1d841c6
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e1d841c6
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e1d841c6

Branch: refs/heads/3.1.x-fixes
Commit: e1d841c6ba4b0cad5b90a584cb3eefac3f0cb9a9
Parents: 713050c
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Tue Dec 20 15:21:56 2016 +0000
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Tue Dec 20 15:22:50 2016 +0000

----------------------------------------------------------------------
 .../oauth2/grants/code/AuthorizationCodeGrantHandler.java       | 5 +++++
 .../apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java  | 2 +-
 .../org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java  | 2 +-
 .../java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java   | 2 --
 4 files changed, 7 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/e1d841c6/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
index 97ba3dd..4e1121e 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
@@ -123,7 +123,12 @@ public class AuthorizationCodeGrantHandler extends AbstractGrantHandler
{
                 throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
             }
         }
+        // Make sure the client supports the authorization code in cases where 
+        // the implicit/hybrid service was initiating the code grant processing flow
         
+        if (!client.getAllowedGrantTypes().isEmpty() && !client.getAllowedGrantTypes().contains(requestedGrant))
{
+            throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
+        }
         // Delegate to the data provider to create the one
         AccessTokenRegistration reg = new AccessTokenRegistration();
         reg.setGrantCode(grant.getCode());
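Review bot: The new grant-type guard is skipped whenever `client.getAllowedGrantTypes()` is empty, so a client registered with no grant types at all still passes it. If empty-means-unrestricted is the intended convention, the comment above the check should say so, e.g. `// An empty allowed-grant-types list means the client is not restricted`; otherwise drop the `isEmpty()` clause so the check fails closed. The rejection also reuses `OAuthConstants.INVALID_GRANT`, while RFC 6749 section 5.2 reserves `unauthorized_client` for a client that may not use the grant type, so `throw new OAuthServiceException(OAuthConstants.UNAUTHORIZED_CLIENT);` would let callers and logs tell this case apart from a bad or expired code. The enclosing method starts and ends outside the hunk, and `requestedGrant` is defined outside it.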

http://git-wip-us.apache.org/repos/asf/cxf/blob/e1d841c6/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
index 08d6735..f7ed11f 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
@@ -46,7 +46,7 @@ public class IdTokenResponseFilter extends OAuthServerJoseJwtProducer implements
     public void process(ClientAccessToken ct, ServerAccessToken st) {
         if (st.getResponseType() != null
             && OidcUtils.CODE_AT_RESPONSE_TYPE.equals(st.getResponseType())
-            && OidcUtils.HYBRID_FLOW.equals(st.getGrantType())) {
+            && OAuthConstants.IMPLICIT_GRANT.equals(st.getGrantType())) {
             // token post-processing as part of the current hybrid (implicit) flow
             // so no id_token is returned now - however when the code gets exchanged later
on
             // this filter will add id_token to the returned access token
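Review bot: After this change the only thing separating the hybrid case from a plain implicit token in `process` is the `CODE_AT_RESPONSE_TYPE` comparison, and the comment under the condition does not say so. I would extend it with something like `// hybrid tokens carry the implicit grant type, so the response type is what identifies them here`. The `st.getResponseType() != null` guard is redundant, because `equals` on the constant already returns false for null, and could be dropped. The body of `process` continues past the end of the hunk.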

http://git-wip-us.apache.org/repos/asf/cxf/blob/e1d841c6/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java
index 708ad0a..3667389 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java
@@ -44,7 +44,7 @@ public class OidcHybridService extends OidcImplicitService {
         this(false);
     }
     public OidcHybridService(boolean hybridOnly) {
-        super(getResponseTypes(hybridOnly), OidcUtils.HYBRID_FLOW);
+        super(getResponseTypes(hybridOnly), OAuthConstants.IMPLICIT_GRANT);
     }
     
     private static Set<String> getResponseTypes(boolean hybridOnly) {
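Review bot: Passing `OAuthConstants.IMPLICIT_GRANT` here means tokens issued by the hybrid service can no longer be told apart from plain implicit tokens by `getGrantType()`, so audit logging or policy keyed on the old "hybrid" value loses that signal. Presumably a hybrid client must now be registered for the implicit grant, and also for authorization_code in order to redeem the code, but neither requirement is documented on the constructor. A Javadoc line such as `Hybrid clients must be allowed both the implicit and authorization_code grant types.` would help deployers. The same commit deletes the public `OidcUtils.HYBRID_FLOW` constant on the 3.1.x-fixes branch, which breaks downstream code that referenced it; keeping it as `@Deprecated` on the maintenance line would be safer.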

http://git-wip-us.apache.org/repos/asf/cxf/blob/e1d841c6/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
index 3bbc63a..6aa5725 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
@@ -47,8 +47,6 @@ public final class OidcUtils {
     public static final String CODE_ID_TOKEN_RESPONSE_TYPE = "code id_token";
     public static final String CODE_ID_TOKEN_AT_RESPONSE_TYPE = "code id_token token";
     
-    public static final String HYBRID_FLOW = "hybrid";
-    
     public static final String ID_TOKEN = "id_token";
     public static final String OPENID_SCOPE = "openid";
     public static final String PROFILE_SCOPE = "profile";

