Posted to commits@cxf.apache.org by co...@apache.org on 2016/02/29 16:00:04 UTC
cxf-fediz git commit: Add configurable scope
Repository: cxf-fediz
Updated Branches:
refs/heads/master 706971b73 -> da3964183
Add configurable scope
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/da396418
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/da396418
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/da396418
Branch: refs/heads/master
Commit: da39641839b909614b1ea52ba75475a7fac333fb
Parents: 706971b
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Feb 29 14:59:49 2016 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Feb 29 14:59:49 2016 +0000
----------------------------------------------------------------------
.../TrustedIdpOIDCProtocolHandler.java | 21 +++++++++++++++++++-
1 file changed, 20 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/da396418/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpOIDCProtocolHandler.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpOIDCProtocolHandler.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpOIDCProtocolHandler.java
index cb7fc52..cbe386e 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpOIDCProtocolHandler.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpOIDCProtocolHandler.java
@@ -110,6 +110,12 @@ public class TrustedIdpOIDCProtocolHandler implements TrustedIdpProtocolHandler
*/
public static final String SUBJECT_CLAIM = "subject.claim";
+ /**
+ * Additional (space-separated) parameters to be sent in the "scope" to the authorization endpoint.
+ * Fediz will automatically use "openid" for this value.
+ */
+ public static final String SCOPE = "scope";
+
public static final String PROTOCOL = "openid-connect-1.0";
private static final Logger LOG = LoggerFactory.getLogger(TrustedIdpOIDCProtocolHandler.class);
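Review bot: The Javadoc on `SCOPE` does not say whether "openid" is a default used when the property is unset or a value that is added to whatever is configured; "Fediz will automatically use "openid" for this value" can be read either way. From the handling added later in this commit it is prepended when the configured value does not already start with it, so the comment could read `Additional (space-separated) scope values to send to the authorization endpoint. "openid" is added by Fediz and does not need to be configured here.` Since these values decide which claims the trusted IdP is asked to release, it is also worth one sentence telling the administrator to list only the scopes the IdP actually needs.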
@@ -134,6 +140,19 @@ public class TrustedIdpOIDCProtocolHandler implements TrustedIdpProtocolHandler
throw new IllegalStateException("No CLIENT_ID specified");
}
+ String scope = getProperty(trustedIdp, SCOPE);
+ if (scope != null) {
+ scope = scope.trim();
+ if (!scope.startsWith("openid")) {
+ scope = "openid " + scope;
+ }
+ }
+
+ if (scope == null || scope.isEmpty()) {
+ scope = "openid";
+ }
+ LOG.debug("Using scope: {}", scope);
+
try {
StringBuilder sb = new StringBuilder();
sb.append(trustedIdp.getUrl());
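Review bot: The `scope.startsWith("openid")` test matches a prefix of the whole string instead of a space-separated scope token, so a configured value whose first token only begins with those letters (constructed example: `openid_custom profile`) is sent without the `openid` scope, and `profile openid` ends up carrying it twice. Because the prepend runs before the empty check, a whitespace-only property also becomes `"openid "` with a trailing space. Without the `openid` scope the provider may handle the request as plain OAuth 2.0 and return no ID token, which this handler presumably depends on further down, outside the hunk. Doing the empty check first and comparing whole tokens avoids all three cases; the sketch below uses `java.util.Arrays`, whose import is not visible here. The enclosing method starts and ends outside the hunk.

```java
String scope = getProperty(trustedIdp, SCOPE);
if (scope != null) {
    scope = scope.trim();
}
if (scope == null || scope.isEmpty()) {
    scope = "openid";
} else if (!Arrays.asList(scope.split("\\s+")).contains("openid")) {
    // Compare whole scope tokens, not a string prefix
    scope = "openid " + scope;
}
// … unchanged: LOG.debug call and the try block building the authorization URL …
```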
@@ -148,7 +167,7 @@ public class TrustedIdpOIDCProtocolHandler implements TrustedIdpProtocolHandler
sb.append(URLEncoder.encode(idp.getIdpUrl().toString(), "UTF-8"));
sb.append("&");
sb.append("scope").append('=');
- sb.append("openid");
+ sb.append(URLEncoder.encode(scope, "UTF-8"));
String state = context.getFlowScope().getString(IdpConstants.TRUSTED_IDP_CONTEXT);
sb.append("&").append("state").append('=');