Posted to commits@cxf.apache.org by se...@apache.org on 2016/12/20 15:22:11 UTC
cxf git commit: Reflecting that the hybrid is a combination of
authorization_code and implicit flows as per the dynreg spec, etc
Repository: cxf
Updated Branches:
refs/heads/master 052582d56 -> 6173599f9
Reflecting that the hybrid is a combination of authorization_code and implicit flows as per the dynreg spec, etc
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/6173599f
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/6173599f
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/6173599f
Branch: refs/heads/master
Commit: 6173599f9306602fa756924eb04ea0cd87ce5010
Parents: 052582d
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Tue Dec 20 15:21:56 2016 +0000
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Tue Dec 20 15:21:56 2016 +0000
----------------------------------------------------------------------
.../oauth2/grants/code/AuthorizationCodeGrantHandler.java | 5 +++++
.../apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java | 2 +-
.../org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java | 2 +-
.../java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java | 2 --
4 files changed, 7 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/6173599f/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
index 7da48ef..7e65c07 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
@@ -123,7 +123,12 @@ public class AuthorizationCodeGrantHandler extends AbstractGrantHandler {
throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
}
}
+ // Make sure the client supports the authorization code in cases where
+ // the implicit/hybrid service was initiating the code grant processing flow
+ if (!client.getAllowedGrantTypes().isEmpty() && !client.getAllowedGrantTypes().contains(requestedGrant)) {
+ throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
+ }
// Delegate to the data provider to create the one
AccessTokenRegistration reg = new AccessTokenRegistration();
reg.setGrantCode(grant.getCode());
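Review bot: The new guard on `client.getAllowedGrantTypes()` fails open: a client registered with an empty allowed-grant list passes it, so for such clients a code produced by the implicit/hybrid service is still exchanged without any grant-type restriction. If that default is intentional, the comment should say so, e.g. `// an empty list means the client is not restricted to specific grant types`. The rejection also reports `INVALID_GRANT`, while RFC 6749 section 5.2 defines `unauthorized_client` for a client that may not use a grant type; `throw new OAuthServiceException(OAuthConstants.UNAUTHORIZED_CLIENT);` would let callers and logs tell the two cases apart. The check sits after an earlier block whose start is outside the hunk, so it is worth confirming that no return path in that block hands out a token before the guard runs.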
http://git-wip-us.apache.org/repos/asf/cxf/blob/6173599f/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
index 08d6735..f7ed11f 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
@@ -46,7 +46,7 @@ public class IdTokenResponseFilter extends OAuthServerJoseJwtProducer implements
public void process(ClientAccessToken ct, ServerAccessToken st) {
if (st.getResponseType() != null
&& OidcUtils.CODE_AT_RESPONSE_TYPE.equals(st.getResponseType())
- && OidcUtils.HYBRID_FLOW.equals(st.getGrantType())) {
+ && OAuthConstants.IMPLICIT_GRANT.equals(st.getGrantType())) {
// token post-processing as part of the current hybrid (implicit) flow
// so no id_token is returned now - however when the code gets exchanged later on
// this filter will add id_token to the returned access token
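Review bot: Swapping `OidcUtils.HYBRID_FLOW` for `OAuthConstants.IMPLICIT_GRANT` here and in the `OidcHybridService` constructor changes the grant-type string attached to hybrid requests, and nothing in the commit covers registrations written under the old value. Client records whose allowed grant types list `hybrid` but not `implicit` would presumably stop matching, and the allow-list check added to `AuthorizationCodeGrantHandler` makes those records matter more, so a migration note would help. The public constant is also deleted from `OidcUtils`, which breaks any external code that references it. A short comment on the condition would record the new meaning, e.g. `// hybrid "code token" is issued under the implicit grant type; id_token is added when the code is exchanged`. The body of `process` continues outside the hunk.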
http://git-wip-us.apache.org/repos/asf/cxf/blob/6173599f/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java
index 708ad0a..3667389 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java
@@ -44,7 +44,7 @@ public class OidcHybridService extends OidcImplicitService {
this(false);
}
public OidcHybridService(boolean hybridOnly) {
- super(getResponseTypes(hybridOnly), OidcUtils.HYBRID_FLOW);
+ super(getResponseTypes(hybridOnly), OAuthConstants.IMPLICIT_GRANT);
}
private static Set<String> getResponseTypes(boolean hybridOnly) {
http://git-wip-us.apache.org/repos/asf/cxf/blob/6173599f/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
index 3bbc63a..6aa5725 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
@@ -47,8 +47,6 @@ public final class OidcUtils {
public static final String CODE_ID_TOKEN_RESPONSE_TYPE = "code id_token";
public static final String CODE_ID_TOKEN_AT_RESPONSE_TYPE = "code id_token token";
- public static final String HYBRID_FLOW = "hybrid";
-
public static final String ID_TOKEN = "id_token";
public static final String OPENID_SCOPE = "openid";
public static final String PROFILE_SCOPE = "profile";