Repository: cxf Updated Branches: refs/heads/3.1.x-fixes 713050c92 -> e1d841c6b
Reflecting that the hybrid is a combination of authorization_code and implicit flows as per the dynreg spec, etc Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e1d841c6 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e1d841c6 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e1d841c6 Branch: refs/heads/3.1.x-fixes Commit: e1d841c6ba4b0cad5b90a584cb3eefac3f0cb9a9 Parents: 713050c Author: Sergey Beryozkin <[email protected]> Authored: Tue Dec 20 15:21:56 2016 +0000 Committer: Sergey Beryozkin <[email protected]> Committed: Tue Dec 20 15:22:50 2016 +0000
----------------------------------------------------------------------
.../oauth2/grants/code/AuthorizationCodeGrantHandler.java | 5 +++++ .../apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java | 2 +- .../org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java | 2 +- .../java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java | 2 -- 4 files changed, 7 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/e1d841c6/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
index 97ba3dd..4e1121e 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
@@ -123,7 +123,12 @@ public class AuthorizationCodeGrantHandler extends AbstractGrantHandler {
 throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
 }
 }
+ // Make sure the client supports the authorization code in cases where
+ // the implicit/hybrid service was initiating the code grant processing flow
+ if (!client.getAllowedGrantTypes().isEmpty() && !client.getAllowedGrantTypes().contains(requestedGrant)) {
+ throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
+ }
 // Delegate to the data provider to create the one
 AccessTokenRegistration reg = new AccessTokenRegistration();
 reg.setGrantCode(grant.getCode());
http://git-wip-us.apache.org/repos/asf/cxf/blob/e1d841c6/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
index 08d6735..f7ed11f 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
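Review bot: The error raised by the new allowed-grant-types `if` is `OAuthConstants.INVALID_GRANT`, but a client that is not permitted to use the requested grant type is the case RFC 6749 §5.2 reserves `unauthorized_client` for, so the new throw should read `throw new OAuthServiceException(OAuthConstants.UNAUTHORIZED_CLIENT);` — with `invalid_grant` the client is told its code is bad rather than that its registration does not cover this grant. The guard is also skipped whenever `getAllowedGrantTypes()` is empty, which treats a client with no registered grant types as permitted every grant; if that is the intended registration default, the comment above the `if` should say so, e.g. `// an empty allowed-grant-type list means the client is not restricted to specific grants`, since it currently explains only the hybrid case. The check appears to run after the code grant has already been fetched and validated (the `throw` and closing braces at the top of the hunk), so an unauthorized client still gets that far; whether the code has been consumed by then is not visible here. The enclosing method, including where `requestedGrant` is set, starts before the hunk and continues after it.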
@@ -46,7 +46,7 @@ public class IdTokenResponseFilter extends OAuthServerJoseJwtProducer implements
 public void process(ClientAccessToken ct, ServerAccessToken st) {
 if (st.getResponseType() != null
 && OidcUtils.CODE_AT_RESPONSE_TYPE.equals(st.getResponseType())
- && OidcUtils.HYBRID_FLOW.equals(st.getGrantType())) {
+ && OAuthConstants.IMPLICIT_GRANT.equals(st.getGrantType())) {
 // token post-processing as part of the current hybrid (implicit) flow
 // so no id_token is returned now - however when the code gets exchanged later on
 // this filter will add id_token to the returned access token
http://git-wip-us.apache.org/repos/asf/cxf/blob/e1d841c6/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java
index 708ad0a..3667389 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java
@@ -44,7 +44,7 @@ public class OidcHybridService extends OidcImplicitService {
 this(false);
 }
 public OidcHybridService(boolean hybridOnly) {
- super(getResponseTypes(hybridOnly), OidcUtils.HYBRID_FLOW);
+ super(getResponseTypes(hybridOnly), OAuthConstants.IMPLICIT_GRANT);
 }
 private static Set<String> getResponseTypes(boolean hybridOnly) {
http://git-wip-us.apache.org/repos/asf/cxf/blob/e1d841c6/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
----------------------------------------------------------------------
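Review bot: The condition in `process` now recognises the hybrid case solely through `st.getResponseType()` matching `OidcUtils.CODE_AT_RESPONSE_TYPE`, because after the swap a hybrid-issued token carries the same `OAuthConstants.IMPLICIT_GRANT` grant type as a plain implicit one, and the comment above should record that, e.g. `// hybrid tokens carry the implicit grant type; only the 'code token' response type marks them`. The same swap in the `OidcHybridService` constructor in the next hunk, together with the new allowed-grant check in `AuthorizationCodeGrantHandler`, means a hybrid client must now list both the implicit and the authorization_code grant in its allowed grant types, which is worth a sentence on that constructor since registrations that relied on the previous value would presumably stop working. Neither hunk adds an import for `OAuthConstants`, so both files presumably import it already. Dropping the public `OidcUtils.HYBRID_FLOW` constant on the 3.1.x-fixes branch is a source-incompatible change for any downstream code that references it; deprecating it in place would keep the fixes line compatible.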
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java index 3bbc63a..6aa5725 100644 --- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java +++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java @@ -47,8 +47,6 @@ public final class OidcUtils { public static final String CODE_ID_TOKEN_RESPONSE_TYPE = "code id_token"; public static final String CODE_ID_TOKEN_AT_RESPONSE_TYPE = "code id_token token"; - public static final String HYBRID_FLOW = "hybrid"; - public static final String ID_TOKEN = "id_token"; public static final String OPENID_SCOPE = "openid"; public static final String PROFILE_SCOPE = "profile";
