GitHub-Spring
/
spring-authorization-server
mirror of https://github.com/spring-projects/spring-authorization-server.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Dynamic client registration does not generate client_secret for private_key_jwt 

Closes gh-657
pull/679/head
Joe Grandja 4 years ago
parent
586c7daf2a
commit
8354aaa3cc
2 changed files with 20 additions and 10 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 24
      oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/oidc/authentication/OidcClientRegistrationAuthenticationProvider.java
  2. 6
      oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/authentication/OidcClientRegistrationAuthenticationProviderTests.java

24
oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/oidc/authentication/OidcClientRegistrationAuthenticationProvider.java
Unescape View File

@ -48,12 +48,9 @@ import org.springframework.security.oauth2.core.oidc.OidcClientRegistration; @@ -48,12 +48,9 @@ import org.springframework.security.oauth2.core.oidc.OidcClientRegistration;
import org.springframework.security.oauth2.jose.jws.MacAlgorithm;
import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
import org.springframework.security.oauth2.jwt.JwtEncoder;
import org.springframework.security.oauth2.server.authorization.token.DefaultOAuth2TokenContext;
import org.springframework.security.oauth2.server.authorization.token.JwtGenerator;
import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
import org.springframework.security.oauth2.server.authorization.OAuth2TokenContext;
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
@ -62,6 +59,9 @@ import org.springframework.security.oauth2.server.authorization.config.ProviderS @@ -62,6 +59,9 @@ import org.springframework.security.oauth2.server.authorization.config.ProviderS
import org.springframework.security.oauth2.server.authorization.config.TokenSettings;
import org.springframework.security.oauth2.server.authorization.context.ProviderContext;
import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
import org.springframework.security.oauth2.server.authorization.token.DefaultOAuth2TokenContext;
import org.springframework.security.oauth2.server.authorization.token.JwtGenerator;
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator;
import org.springframework.security.oauth2.server.resource.authentication.AbstractOAuth2TokenAuthenticationToken;
import org.springframework.util.Assert;
import org.springframework.util.CollectionUtils;
@ -305,9 +305,12 @@ public final class OidcClientRegistrationAuthenticationProvider implements Authe @@ -305,9 +305,12 @@ public final class OidcClientRegistrationAuthenticationProvider implements Authe
OidcClientRegistration.Builder builder = OidcClientRegistration.builder()
.clientId(registeredClient.getClientId())
.clientIdIssuedAt(registeredClient.getClientIdIssuedAt())
.clientSecret(registeredClient.getClientSecret())
.clientName(registeredClient.getClientName());
if (registeredClient.getClientSecret() != null) {
builder.clientSecret(registeredClient.getClientSecret());
}
builder.redirectUris(redirectUris ->
redirectUris.addAll(registeredClient.getRedirectUris()));
@ -419,17 +422,22 @@ public final class OidcClientRegistrationAuthenticationProvider implements Authe @@ -419,17 +422,22 @@ public final class OidcClientRegistrationAuthenticationProvider implements Authe
RegisteredClient.Builder builder = RegisteredClient.withId(UUID.randomUUID().toString())
.clientId(CLIENT_ID_GENERATOR.generateKey())
.clientIdIssuedAt(Instant.now())
.clientSecret(CLIENT_SECRET_GENERATOR.generateKey())
.clientName(clientRegistration.getClientName());
if (ClientAuthenticationMethod.CLIENT_SECRET_POST.getValue().equals(clientRegistration.getTokenEndpointAuthenticationMethod())) {
builder.clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_POST);
builder
.clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_POST)
.clientSecret(CLIENT_SECRET_GENERATOR.generateKey());
} else if (ClientAuthenticationMethod.CLIENT_SECRET_JWT.getValue().equals(clientRegistration.getTokenEndpointAuthenticationMethod())) {
builder.clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_JWT);
builder
.clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_JWT)
.clientSecret(CLIENT_SECRET_GENERATOR.generateKey());
} else if (ClientAuthenticationMethod.PRIVATE_KEY_JWT.getValue().equals(clientRegistration.getTokenEndpointAuthenticationMethod())) {
builder.clientAuthenticationMethod(ClientAuthenticationMethod.PRIVATE_KEY_JWT);
} else {
builder.clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC);
builder
.clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
.clientSecret(CLIENT_SECRET_GENERATOR.generateKey());
}
builder.redirectUris(redirectUris ->

6
oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/authentication/OidcClientRegistrationAuthenticationProviderTests.java
Unescape View File

@ -48,11 +48,9 @@ import org.springframework.security.oauth2.jwt.JwtClaimsSet; @@ -48,11 +48,9 @@ import org.springframework.security.oauth2.jwt.JwtClaimsSet;
import org.springframework.security.oauth2.jwt.JwtEncoder;
import org.springframework.security.oauth2.jwt.TestJoseHeaders;
import org.springframework.security.oauth2.jwt.TestJwtClaimsSets;
import org.springframework.security.oauth2.server.authorization.token.JwtGenerator;
import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
import org.springframework.security.oauth2.server.authorization.OAuth2TokenContext;
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator;
import org.springframework.security.oauth2.server.authorization.TestOAuth2Authorizations;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
@ -61,6 +59,8 @@ import org.springframework.security.oauth2.server.authorization.config.ClientSet @@ -61,6 +59,8 @@ import org.springframework.security.oauth2.server.authorization.config.ClientSet
import org.springframework.security.oauth2.server.authorization.config.ProviderSettings;
import org.springframework.security.oauth2.server.authorization.context.ProviderContext;
import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
import org.springframework.security.oauth2.server.authorization.token.JwtGenerator;
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
import org.springframework.web.util.UriComponentsBuilder;
@ -472,6 +472,7 @@ public class OidcClientRegistrationAuthenticationProviderTests { @@ -472,6 +472,7 @@ public class OidcClientRegistrationAuthenticationProviderTests {
(OidcClientRegistrationAuthenticationToken) this.authenticationProvider.authenticate(authentication);
assertThat(authenticationResult.getClientRegistration().getTokenEndpointAuthenticationSigningAlgorithm())
.isEqualTo(MacAlgorithm.HS256.getName());
assertThat(authenticationResult.getClientRegistration().getClientSecret()).isNotNull();
// @formatter:off
builder
@ -482,6 +483,7 @@ public class OidcClientRegistrationAuthenticationProviderTests { @@ -482,6 +483,7 @@ public class OidcClientRegistrationAuthenticationProviderTests {
authenticationResult = (OidcClientRegistrationAuthenticationToken) this.authenticationProvider.authenticate(authentication);
assertThat(authenticationResult.getClientRegistration().getTokenEndpointAuthenticationSigningAlgorithm())
.isEqualTo(SignatureAlgorithm.RS256.getName());
assertThat(authenticationResult.getClientRegistration().getClientSecret()).isNull();
}
@Test

Write Preview
Loading…
Cancel
Save