Posted to commits@cxf.apache.org by se...@apache.org on 2016/12/20 15:22:11 UTC

cxf git commit: Reflecting that the hybrid is a combination of authorization_code and implicit flows as per the dynreg spec, etc

Repository: cxf
Updated Branches:
  refs/heads/master 052582d56 -> 6173599f9


Reflecting that the hybrid is a combination of authorization_code and implicit flows as per the dynreg spec, etc


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/6173599f
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/6173599f
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/6173599f

Branch: refs/heads/master
Commit: 6173599f9306602fa756924eb04ea0cd87ce5010
Parents: 052582d
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Tue Dec 20 15:21:56 2016 +0000
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Tue Dec 20 15:21:56 2016 +0000

----------------------------------------------------------------------
 .../oauth2/grants/code/AuthorizationCodeGrantHandler.java       | 5 +++++
 .../apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java  | 2 +-
 .../org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java  | 2 +-
 .../java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java   | 2 --
 4 files changed, 7 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/6173599f/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
index 7da48ef..7e65c07 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
@@ -123,7 +123,12 @@ public class AuthorizationCodeGrantHandler extends AbstractGrantHandler {
                 throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
             }
         }
+        // Make sure the client supports the authorization code in cases where 
+        // the implicit/hybrid service was initiating the code grant processing flow
         
+        if (!client.getAllowedGrantTypes().isEmpty() && !client.getAllowedGrantTypes().contains(requestedGrant)) {
+            throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
+        }
         // Delegate to the data provider to create the one
         AccessTokenRegistration reg = new AccessTokenRegistration();
         reg.setGrantCode(grant.getCode());
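Review bot: The added `if` treats an empty `getAllowedGrantTypes()` as "every grant type allowed", so a client registered without an explicit list still passes the code exchange that the implicit/hybrid service started. That fail-open default should at least be stated in the comment, e.g. `// an empty list means the client is not restricted to specific grant types`. RFC 6749 section 5.2 uses `invalid_grant` for a bad or expired code and `unauthorized_client` for a client not permitted to use the grant type, so `throw new OAuthServiceException(OAuthConstants.UNAUTHORIZED_CLIENT);` would let clients and log reviewers tell the two failures apart. The check also runs after the code validation above it; if the code has already been consumed by then (not visible in this hunk), an unauthorized client would burn it, and checking earlier would avoid that. The method starts and ends outside the hunk.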

http://git-wip-us.apache.org/repos/asf/cxf/blob/6173599f/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
index 08d6735..f7ed11f 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
@@ -46,7 +46,7 @@ public class IdTokenResponseFilter extends OAuthServerJoseJwtProducer implements
     public void process(ClientAccessToken ct, ServerAccessToken st) {
         if (st.getResponseType() != null
             && OidcUtils.CODE_AT_RESPONSE_TYPE.equals(st.getResponseType())
-            && OidcUtils.HYBRID_FLOW.equals(st.getGrantType())) {
+            && OAuthConstants.IMPLICIT_GRANT.equals(st.getGrantType())) {
             // token post-processing as part of the current hybrid (implicit) flow
             // so no id_token is returned now - however when the code gets exchanged later on
             // this filter will add id_token to the returned access token

http://git-wip-us.apache.org/repos/asf/cxf/blob/6173599f/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java
index 708ad0a..3667389 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java
@@ -44,7 +44,7 @@ public class OidcHybridService extends OidcImplicitService {
         this(false);
     }
     public OidcHybridService(boolean hybridOnly) {
-        super(getResponseTypes(hybridOnly), OidcUtils.HYBRID_FLOW);
+        super(getResponseTypes(hybridOnly), OAuthConstants.IMPLICIT_GRANT);
     }
     
     private static Set<String> getResponseTypes(boolean hybridOnly) {
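Review bot: Passing `OAuthConstants.IMPLICIT_GRANT` to `super(...)` changes what a hybrid client must be registered for, and the constructor has no Javadoc saying so. Together with the new allowed-grant check in AuthorizationCodeGrantHandler, a hybrid client presumably now needs both `implicit` and `authorization_code` in its allowed grant types. A registration that lists only `hybrid` would stop working if the superclass checks this value against the client, which is not visible here. A comment such as `/** Hybrid flow is handled as implicit plus authorization_code; clients must be allowed both grant types. */` would make the requirement discoverable. The same commit removes the public `OidcUtils.HYBRID_FLOW` constant, which breaks any external code that referenced it and is worth a migration note.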

http://git-wip-us.apache.org/repos/asf/cxf/blob/6173599f/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
index 3bbc63a..6aa5725 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
@@ -47,8 +47,6 @@ public final class OidcUtils {
     public static final String CODE_ID_TOKEN_RESPONSE_TYPE = "code id_token";
     public static final String CODE_ID_TOKEN_AT_RESPONSE_TYPE = "code id_token token";
     
-    public static final String HYBRID_FLOW = "hybrid";
-    
     public static final String ID_TOKEN = "id_token";
     public static final String OPENID_SCOPE = "openid";
     public static final String PROFILE_SCOPE = "profile";