[PKCE] allowpublic client option for grant_type authorization_code us…
…ing PKCE with S256 method (#1888) * [WIP] allowpublic client option corresponding to autoapprove Info: allowpublic is an optional flag, similar to autoapprove, that defines behaviour in the oauth2 flow. The option allows omitting the client_secret parameter and/or client authentication in grant_type authorization_code. Especially mobile scenarios showed the need for such an option, because other OpenID providers meanwhile allow similar use cases. * support update of client * add runtime support for public client usage * formattings * formatting * add tests * sonar * tests * support update of client * Add example for login client allowpublic = true means, client_secret can be omitted * Update documentation * refactor grant_type check for public use and add more tests * version updated
Showing
19 changed files
with
391 additions
and
23 deletions.
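--- a/server/src/main/java/org/cloudfoundry/identity/uaa/client/UaaClient.java
+++ b/server/src/main/java/org/cloudfoundry/identity/uaa/client/UaaClient.java
@@ -0,0 +1,24 @@
+package org.cloudfoundry.identity.uaa.client;
+
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.SpringSecurityCoreVersion;
+import org.springframework.security.core.userdetails.User;
+
+import java.util.Collection;
+import java.util.Map;
+
+public class UaaClient extends User {
+
+    private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
+    private transient Map<String, Object> additionalInformation;
+
+    public UaaClient(String username, String password, Collection<? extends GrantedAuthority> authorities, Map<String, Object> additionalInformation) {
+        super(username, password, authorities);
+        this.additionalInformation = additionalInformation;
+    }
+
+    public Map<String, Object> getAdditionalInformation() {
+        return this.additionalInformation;
+    }
+
+}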
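Review bot: getAdditionalInformation hands back the very map that was passed to the constructor, so any holder of a UaaClient can mutate the client's additional information (presumably where flags such as allowpublic live) and the getter returns null when no map was supplied. Wrapping it on the way out keeps the object read-only to consumers: `return this.additionalInformation == null ? Collections.emptyMap() : Collections.unmodifiableMap(this.additionalInformation);` together with `import java.util.Collections;`. The field is also declared transient while the class inherits Serializable from User, so a serialized-then-deserialized UaaClient loses the map entirely; if that is intended, a one-line comment on the field stating that additional information is deliberately not serialized would spare the next reader the surprise.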
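--- a/...rc/main/java/org/cloudfoundry/identity/uaa/client/UaaClientDetailsUserDetailsService.java
+++ b/...rc/main/java/org/cloudfoundry/identity/uaa/client/UaaClientDetailsUserDetailsService.java
@@ -0,0 +1,41 @@
+package org.cloudfoundry.identity.uaa.client;
+
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.oauth2.provider.ClientDetails;
+import org.springframework.security.oauth2.provider.ClientDetailsService;
+import org.springframework.security.oauth2.provider.NoSuchClientException;
+
+public class UaaClientDetailsUserDetailsService implements UserDetailsService {
+
+    private final ClientDetailsService clientDetailsService;
+    private String emptyPassword = "";
+
+    public UaaClientDetailsUserDetailsService(final ClientDetailsService clientDetailsService) {
+        this.clientDetailsService = clientDetailsService;
+    }
+
+    /**
+     * @param passwordEncoder the password encoder to set
+     */
+    public void setPasswordEncoder(PasswordEncoder passwordEncoder) {
+        this.emptyPassword = passwordEncoder.encode("");
+    }
+
+    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
+        ClientDetails clientDetails;
+        try {
+            clientDetails = clientDetailsService.loadClientByClientId(username);
+        } catch (NoSuchClientException e) {
+            throw new UsernameNotFoundException(e.getMessage(), e);
+        }
+        String clientSecret = clientDetails.getClientSecret();
+        if (clientSecret== null || clientSecret.trim().length()==0) {
+            clientSecret = emptyPassword;
+        }
+        return new UaaClient(username, clientSecret, clientDetails.getAuthorities(), clientDetails.getAdditionalInformation());
+    }
+
+}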
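Review bot: loadUserByUsername substitutes the encoded empty password for every client whose stored secret is null or blank, without consulting the allowpublic entry in clientDetails.getAdditionalInformation(), so any secretless client becomes authenticatable here with an empty credential; the commit message says the public-client restriction lives in the grant_type check, which is outside this hunk, and that dependency is invisible from this class. State the contract on the method, e.g. `/** Loads a client as UserDetails; a null/blank secret is replaced by the encoded empty password, so the allowpublic/PKCE restriction must be enforced by the caller. */`. emptyPassword remains the raw "" until setPasswordEncoder is called, so the comparison outcome depends on wiring order; the setter's Javadoc should say it must be invoked before the first lookup. loadUserByUsername also lacks `@Override`, and `clientSecret.trim().isEmpty()` reads more clearly than `clientSecret.trim().length()==0`.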