Repository: cxf Updated Branches: refs/heads/3.1.x-fixes 8a40a05ad -> 1ac741ef5
Initial support for a form_post response_mod (def by OIDC but recommended for OAuth2 too)
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/1ac741ef
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/1ac741ef
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/1ac741ef
Branch: refs/heads/3.1.x-fixes
Commit: 1ac741ef5115286e9abb0bec03b6afcf87b5e15d
Parents: 8a40a05
Author: Sergey Beryozkin <[email protected]>
Authored: Wed Nov 9 17:14:20 2016 +0000
Committer: Sergey Beryozkin <[email protected]>
Committed: Wed Nov 9 17:17:02 2016 +0000
----------------------------------------------------------------------
 .../security/oauth2/common/OOBAuthorizationResponse.java | 10 +++++++++-
 .../oauth2/services/AuthorizationCodeGrantService.java | 5 ++++-
 .../cxf/rs/security/oauth2/utils/OAuthConstants.java | 7 +++++--
 3 files changed, 18 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/1ac741ef/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OOBAuthorizationResponse.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OOBAuthorizationResponse.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OOBAuthorizationResponse.java
index bc1a4aa..673c2b0 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OOBAuthorizationResponse.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OOBAuthorizationResponse.java
@@ -25,7 +25,7 @@ public class OOBAuthorizationResponse {
     private String clientDescription;
     private String userId;
     private long expiresIn;
-    
+    private String redirectUri;
     public String getAuthorizationCode() {
         return authorizationCode;
     }
@@ -65,5 +65,13 @@ public class OOBAuthorizationResponse {
     public void setClientDescription(String clientDescription) {
         this.clientDescription = clientDescription;
     }
+    
+    public String getRedirectUri() {
+        return redirectUri;
+    }
+    
+    public void setRedirectUri(String redirectUri) {
+        this.redirectUri = redirectUri;
+    }
     
 }
http://git-wip-us.apache.org/repos/asf/cxf/blob/1ac741ef/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
index 2a71cdb..ddc47ed 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
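Review bot: The new `redirectUri` field and its accessors in the second hunk carry no documentation saying when the value is present, and an "out-of-band" response that now holds a redirect URI is easy to misread. From the call site added in AuthorizationCodeGrantService the field is set to `state.getRedirectUri()` both for genuine OOB delivery (where it is null) and for form_post delivery (where it is the URI the code is to be posted to), so a field comment such as `// Redirect URI the code is delivered to when response_mode is form_post; null for genuine out-of-band delivery.` would make the dual use explicit. A matching `@return` sentence on getRedirectUri() would help callers that render the response decide which path they are on.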
@@ -106,13 +106,16 @@ public class AuthorizationCodeGrantService extends RedirectionBasedGrantService
                 return createErrorResponse(state.getState(), state.getRedirectUri(), OAuthConstants.ACCESS_DENIED);
             }
             String grantCode = processCodeGrant(client, grant.getCode(), grant.getSubject());
-            if (state.getRedirectUri() == null) {
+            if (state.getRedirectUri() == null
+                || OAuthConstants.FORM_RESPONSE_MODE.equals(
+                    state.getExtraProperties().get(OAuthConstants.RESPONSE_MODE))) {
                 OOBAuthorizationResponse oobResponse = new OOBAuthorizationResponse();
                 oobResponse.setClientId(client.getClientId());
                 oobResponse.setClientDescription(client.getApplicationDescription());
                 oobResponse.setAuthorizationCode(grantCode);
                 oobResponse.setUserId(userSubject.getLogin());
                 oobResponse.setExpiresIn(grant.getExpiresIn());
+                oobResponse.setRedirectUri(state.getRedirectUri());
                 return deliverOOBResponse(oobResponse);
             } else {
                 // return the code by appending it as a query parameter to the redirect URI
http://git-wip-us.apache.org/repos/asf/cxf/blob/1ac741ef/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java
index 635c016..a14fa97 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java
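Review bot: The access-denied branch at the top of the hunk still calls `createErrorResponse(state.getState(), state.getRedirectUri(), OAuthConstants.ACCESS_DENIED)` and so ignores the response_mode that the new condition honours, which means a client that asked for form_post receives its success via the OOB/form path but its error as a query-string redirect. The new condition also dereferences `state.getExtraProperties()` with no null guard; if that map can be absent for requests that carried no extra parameters, the grant fails with an NPE here rather than a proper error response, so the contract of the state holder should be confirmed. Computing the mode once before the error check, e.g. `boolean formPost = OAuthConstants.FORM_RESPONSE_MODE.equals(state.getExtraProperties().get(OAuthConstants.RESPONSE_MODE));`, and reusing it in both branches would fix the asymmetry and keep the combined `if` readable. The enclosing method starts and ends outside the hunk.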
@@ -37,12 +37,15 @@ public final class OAuthConstants { public static final String ACCESS_TOKEN = "access_token"; public static final String ACCESS_TOKEN_TYPE = "token_type"; public static final String ACCESS_TOKEN_EXPIRES_IN = "expires_in"; - // CXF-Specific - public static final String ACCESS_TOKEN_ISSUED_AT = "issued_at"; public static final String GRANT_TYPE = "grant_type"; public static final String RESPONSE_TYPE = "response_type"; public static final String TOKEN_RESPONSE_TYPE = "token"; public static final String REFRESH_TOKEN = "refresh_token"; + public static final String RESPONSE_MODE = "response_mode"; + public static final String FORM_RESPONSE_MODE = "form_post"; + // CXF-Specific + public static final String ACCESS_TOKEN_ISSUED_AT = "issued_at"; + // Well-known grant types public static final String AUTHORIZATION_CODE_GRANT = "authorization_code";
