Repository: cxf Updated Branches: refs/heads/master 052582d56 -> 6173599f9
Reflecting that the hybrid is a combination of authorization_code and implicit flows as per the dynreg spec, etc Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/6173599f Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/6173599f Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/6173599f Branch: refs/heads/master Commit: 6173599f9306602fa756924eb04ea0cd87ce5010 Parents: 052582d Author: Sergey Beryozkin <sberyoz...@gmail.com> Authored: Tue Dec 20 15:21:56 2016 +0000 Committer: Sergey Beryozkin <sberyoz...@gmail.com> Committed: Tue Dec 20 15:21:56 2016 +0000 ---------------------------------------------------------------------- .../oauth2/grants/code/AuthorizationCodeGrantHandler.java | 5 +++++ .../apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java | 2 +- .../org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java | 2 +- .../java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java | 2 -- 4 files changed, 7 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/6173599f/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java ----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
index 7da48ef..7e65c07 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
@@ -123,7 +123,12 @@ public class AuthorizationCodeGrantHandler extends AbstractGrantHandler {
throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
}
}
+ // Make sure the client supports the authorization code in cases where
+ // the implicit/hybrid service was initiating the code grant processing flow
+ if (!client.getAllowedGrantTypes().isEmpty() && !client.getAllowedGrantTypes().contains(requestedGrant)) {
+ throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
+ }
// Delegate to the data provider to create the one
AccessTokenRegistration reg = new AccessTokenRegistration();
reg.setGrantCode(grant.getCode());
http://git-wip-us.apache.org/repos/asf/cxf/blob/6173599f/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java ----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
index 08d6735..f7ed11f 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
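Review bot: The added `if` in AuthorizationCodeGrantHandler accepts any grant when the client's allowed-grant list is empty, while the comment above it reads as if the check always confirms authorization_code support; the fail-open case should be stated, e.g. `// An empty allowed-grant list means the client is not restricted to specific grants`, or the `isEmpty()` clause dropped if an unconfigured client is meant to be rejected. The error raised is `OAuthConstants.INVALID_GRANT`, but RFC 6749 section 5.2 defines `unauthorized_client` for a client that is not permitted to use a grant type, so if OAuthConstants provides `UNAUTHORIZED_CLIENT` this path should use it to keep a mis-registered client distinguishable from a bad code in client responses and audit logs. `client.getAllowedGrantTypes()` is also evaluated twice; a local `List<String> allowedGrants = client.getAllowedGrantTypes();` reads better and avoids a second lookup if the getter is not trivial. The enclosing method starts and ends outside the hunk, so whether `requestedGrant` is guaranteed to hold the authorization_code grant at this point cannot be confirmed from here.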
@@ -46,7 +46,7 @@ public class IdTokenResponseFilter extends OAuthServerJoseJwtProducer implements
public void process(ClientAccessToken ct, ServerAccessToken st) {
if (st.getResponseType() != null
&& OidcUtils.CODE_AT_RESPONSE_TYPE.equals(st.getResponseType())
- && OidcUtils.HYBRID_FLOW.equals(st.getGrantType())) {
+ && OAuthConstants.IMPLICIT_GRANT.equals(st.getGrantType())) {
// token post-processing as part of the current hybrid (implicit) flow
// so no id_token is returned now - however when the code gets exchanged later on
// this filter will add id_token to the returned access token
http://git-wip-us.apache.org/repos/asf/cxf/blob/6173599f/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java ----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java
index 708ad0a..3667389 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java
@@ -44,7 +44,7 @@ public class OidcHybridService extends OidcImplicitService {
this(false);
}
public OidcHybridService(boolean hybridOnly) {
- super(getResponseTypes(hybridOnly), OidcUtils.HYBRID_FLOW);
+ super(getResponseTypes(hybridOnly), OAuthConstants.IMPLICIT_GRANT);
}
private static Set<String> getResponseTypes(boolean hybridOnly) {
http://git-wip-us.apache.org/repos/asf/cxf/blob/6173599f/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java ----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
index 3bbc63a..6aa5725 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
@@ -47,8 +47,6 @@ public final class OidcUtils {
public static final String CODE_ID_TOKEN_RESPONSE_TYPE = "code id_token";
public static final String CODE_ID_TOKEN_AT_RESPONSE_TYPE = "code id_token token";
- public static final String HYBRID_FLOW = "hybrid";
- public static final String ID_TOKEN = "id_token";
public static final String OPENID_SCOPE = "openid";
public static final String PROFILE_SCOPE = "profile";