Posted to commits@cxf.apache.org by co...@apache.org on 2019/11/15 13:15:38 UTC
[cxf] branch master updated: Some OIDC changes relating to public
clients
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git
The following commit(s) were added to refs/heads/master by this push:
new 9818f48 Some OIDC changes relating to public clients
9818f48 is described below
commit 9818f48525c07bfe23af8f3a5c2d735f3953d02f
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Fri Nov 15 13:15:17 2019 +0000
Some OIDC changes relating to public clients
---
.../grants/code/AuthorizationCodeGrantHandler.java | 2 +-
.../services/AuthorizationCodeGrantService.java | 3 +--
.../security/oauth2/grants/PublicClientTest.java | 20 ++++++++++++++++++++
3 files changed, 22 insertions(+), 3 deletions(-)
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
index 22557e7..f32b0df 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
@@ -67,7 +67,7 @@ public class AuthorizationCodeGrantHandler extends AbstractGrantHandler {
String expectedRedirectUri = grant.getRedirectUri();
String providedRedirectUri = params.getFirst(OAuthConstants.REDIRECT_URI);
if (providedRedirectUri != null) {
- if (expectedRedirectUri == null || !providedRedirectUri.equals(expectedRedirectUri)) {
+ if (!providedRedirectUri.equals(expectedRedirectUri)) {
throw new OAuthServiceException(OAuthConstants.INVALID_REQUEST);
}
} else if (expectedRedirectUri == null && !isCanSupportPublicClients()
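Review bot: The simplified condition on the added line still rejects a request whose client has no registered redirect URI, but only because `String.equals(null)` returns false; that is correct yet easy to misread as a dropped null check, so a short comment would help: `// equals(null) is false, so a missing registered URI is rejected too`. Exact string comparison of the provided and registered redirect URI is the right behaviour here (no prefix or pattern matching), and that is worth stating in the same comment. The enclosing method continues outside the hunk.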
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
index 77ae3bf..676515a2 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
@@ -209,8 +209,7 @@ public class AuthorizationCodeGrantService extends RedirectionBasedGrantService
protected boolean canRedirectUriBeEmpty(Client c) {
// If a redirect URI is empty then the code will be returned out of band,
// typically will be returned directly to a human user
- return (c.isConfidential() && canSupportEmptyRedirectForPrivateClients || canSupportPublicClient(c))
- && c.getRedirectUris().isEmpty();
+ return c.isConfidential() && canSupportEmptyRedirectForPrivateClients;
}
public void setCanSupportPublicClients(boolean support) {
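Review bot: `canRedirectUriBeEmpty` now returns true for every confidential client when `canSupportEmptyRedirectForPrivateClients` is set, because the `c.getRedirectUris().isEmpty()` conjunct was removed together with the public-client case; before this change an empty redirect URI was only acceptable for a client that had no registered URIs at all. If the intent is only to stop public clients from omitting the redirect URI, `return c.isConfidential() && canSupportEmptyRedirectForPrivateClients && c.getRedirectUris().isEmpty();` keeps the earlier guarantee. If dropping that conjunct is deliberate (the caller is not visible here), the comment above the return should say that a confidential client with registered redirect URIs may still omit the parameter, and that public clients are now always refused by this method.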
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/PublicClientTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/PublicClientTest.java
index 606aee0..455ba0e 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/PublicClientTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/PublicClientTest.java
@@ -90,6 +90,26 @@ public class PublicClientTest extends AbstractBusClientServerTestBase {
}
@org.junit.Test
+ public void testAuthorizationCodeGrantNoRedirectURI() throws Exception {
+ URL busFile = PublicClientTest.class.getResource("publicclient.xml");
+
+ String address = "https://localhost:" + JCACHE_PORT + "/services/";
+ WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
+ "alice", "security", busFile.toString());
+ // Save the Cookie for the second request...
+ WebClient.getConfig(client).getRequestContext().put(
+ org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+
+ // Get Authorization Code
+ try {
+ OAuth2TestUtils.getAuthorizationCode(client, null, "fredPublic");
+ fail("Failure expected on a missing (registered) redirectURI");
+ } catch (Exception ex) {
+ // expected
+ }
+ }
+
+ @org.junit.Test
public void testPKCEPlain() throws Exception {
URL busFile = PublicClientTest.class.getResource("publicclient.xml");
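Review bot: The new `testAuthorizationCodeGrantNoRedirectURI` catches `Exception` broadly, so it also passes when `getAuthorizationCode` fails for an unrelated reason (a connection failure, a missing `publicclient.xml` resource, an NPE inside the helper), which makes the negative assertion weak. Catching the specific exception type the helper throws for an error response, or asserting on the returned status instead of the bare `fail`/`catch` pair, would pin the behaviour the commit intends. The `getResource` call at the top of the method returns null when the resource is absent, so checking `busFile` for null before `busFile.toString()` would give a clearer failure than the NPE. The test class continues outside the hunk.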