cxf git commit: Cleaning up AbstractImplicitService and prototyping the code to deal with id_token response type in OidcImplicitService, not complete yet
Repository: cxf Updated Branches: refs/heads/master 89cdf0a99 -> 5239e3a36 Cleaning up AbstractImplicitService and prototyping the code to deal with id_token response type in OidcImplicitService, not complete yet Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/5239e3a3 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/5239e3a3 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/5239e3a3 Branch: refs/heads/master Commit: 5239e3a36abed124856276e36cc2384f32e22c38 Parents: 89cdf0a Author: Sergey BeryozkinAuthored: Fri Feb 5 13:32:33 2016 + Committer: Sergey Beryozkin Committed: Fri Feb 5 13:32:33 2016 + -- .../services/AbstractImplicitGrantService.java | 84 .../services/AuthorizationCodeGrantService.java | 7 +- .../services/RedirectionBasedGrantService.java | 21 - .../security/oidc/idp/OidcImplicitService.java | 48 +-- 4 files changed, 94 insertions(+), 66 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/5239e3a3/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java index 5133374..f3c466b 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java 
@@ -63,26 +63,18 @@ public abstract class AbstractImplicitGrantService extends RedirectionBasedGrant UserSubject userSubject, ServerAccessToken preAuthorizedToken) { -boolean tokenCanBeReturned = preAuthorizedToken != null; ServerAccessToken token = null; if (preAuthorizedToken == null) { -tokenCanBeReturned = canAccessTokenBeReturned(state, requestedScope, approvedScope); -if (tokenCanBeReturned) { -AccessTokenRegistration reg = new AccessTokenRegistration(); -reg.setClient(client); -reg.setGrantType(super.getSupportedGrantType()); -reg.setSubject(userSubject); -reg.setRequestedScope(requestedScope); -if (approvedScope == null || approvedScope.isEmpty()) { -// no down-scoping done by a user, all of the requested scopes have been authorized -reg.setApprovedScope(requestedScope); -} else { -reg.setApprovedScope(approvedScope); -} - reg.setAudiences(Collections.singletonList(state.getAudience())); -reg.setNonce(state.getNonce()); -token = getDataProvider().createAccessToken(reg); -} +AccessTokenRegistration reg = new AccessTokenRegistration(); +reg.setClient(client); +reg.setGrantType(super.getSupportedGrantType()); +reg.setSubject(userSubject); +reg.setRequestedScope(requestedScope); +reg.setApprovedScope(getApprovedScope(requestedScope, approvedScope)); + +reg.setAudiences(Collections.singletonList(state.getAudience())); +reg.setNonce(state.getNonce()); +token = getDataProvider().createAccessToken(reg); } else { token = preAuthorizedToken; if (state.getNonce() != null) { 
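Review bot: With the `canAccessTokenBeReturned(state, requestedScope, approvedScope)` gate removed, the `preAuthorizedToken == null` branch now calls `getDataProvider().createAccessToken(reg)` on every request, so a flow that should hand back only an id_token would still mint an access token unless it is diverted before this method; the OidcImplicitService side of that is not visible in this hunk. I would state the contract above the registration, e.g. `// Always issues an access token; response types that must not return one have to be handled before this point`. The fallback from an empty approved scope to the full requested scope has also moved into `getApprovedScope(requestedScope, approvedScope)`, whose body is outside this hunk, so it is worth confirming that an empty list there still means "no down-scoping" and not "user approved nothing". The enclosing method starts and ends outside the hunk, and the identical hunk in the 3.1.x-fixes backport (commit 9f457003) carries the same point.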
@@ -90,39 +82,20 @@ public abstract class AbstractImplicitGrantService extends RedirectionBasedGrant } } -ClientAccessToken clientToken = null; -if (token != null) { -clientToken = OAuthUtils.toClientAccessToken(token, isWriteOptionalParameters()); -} else { -// this is not ideal - it is only done to have OIDC Implicit to have an id_token added -// via AccessTokenResponseFilter. Note if id_token is needed (with or without access token) -// then the service needs to be injected with SubjectCreator, example, DefaultSubjectCreator -// extension which will have a chance to attach id_token to Subject properties which are checked -// by id_token AccessTokenResponseFilter. If at is also needed then OAuthDataProvider may deal -// with attaching id_token itself in which case no
cxf git commit: Cleaning up AbstractImplicitService and prototyping the code to deal with id_token response type in OidcImplicitService, not complete yet
Repository: cxf Updated Branches: refs/heads/3.1.x-fixes 0ddd071dd -> 9f457003d Cleaning up AbstractImplicitService and prototyping the code to deal with id_token response type in OidcImplicitService, not complete yet Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/9f457003 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/9f457003 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/9f457003 Branch: refs/heads/3.1.x-fixes Commit: 9f457003d766950abc6a22d87d7045d3cf6aee44 Parents: 0ddd071 Author: Sergey BeryozkinAuthored: Fri Feb 5 13:32:33 2016 + Committer: Sergey Beryozkin Committed: Fri Feb 5 13:34:56 2016 + -- .../services/AbstractImplicitGrantService.java | 84 .../services/AuthorizationCodeGrantService.java | 7 +- .../services/RedirectionBasedGrantService.java | 21 - .../security/oidc/idp/OidcImplicitService.java | 48 +-- 4 files changed, 94 insertions(+), 66 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/9f457003/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java index 5133374..f3c466b 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java 
@@ -63,26 +63,18 @@ public abstract class AbstractImplicitGrantService extends RedirectionBasedGrant UserSubject userSubject, ServerAccessToken preAuthorizedToken) { -boolean tokenCanBeReturned = preAuthorizedToken != null; ServerAccessToken token = null; if (preAuthorizedToken == null) { -tokenCanBeReturned = canAccessTokenBeReturned(state, requestedScope, approvedScope); -if (tokenCanBeReturned) { -AccessTokenRegistration reg = new AccessTokenRegistration(); -reg.setClient(client); -reg.setGrantType(super.getSupportedGrantType()); -reg.setSubject(userSubject); -reg.setRequestedScope(requestedScope); -if (approvedScope == null || approvedScope.isEmpty()) { -// no down-scoping done by a user, all of the requested scopes have been authorized -reg.setApprovedScope(requestedScope); -} else { -reg.setApprovedScope(approvedScope); -} - reg.setAudiences(Collections.singletonList(state.getAudience())); -reg.setNonce(state.getNonce()); -token = getDataProvider().createAccessToken(reg); -} +AccessTokenRegistration reg = new AccessTokenRegistration(); +reg.setClient(client); +reg.setGrantType(super.getSupportedGrantType()); +reg.setSubject(userSubject); +reg.setRequestedScope(requestedScope); +reg.setApprovedScope(getApprovedScope(requestedScope, approvedScope)); + +reg.setAudiences(Collections.singletonList(state.getAudience())); +reg.setNonce(state.getNonce()); +token = getDataProvider().createAccessToken(reg); } else { token = preAuthorizedToken; if (state.getNonce() != null) { 
@@ -90,39 +82,20 @@ public abstract class AbstractImplicitGrantService extends RedirectionBasedGrant } } -ClientAccessToken clientToken = null; -if (token != null) { -clientToken = OAuthUtils.toClientAccessToken(token, isWriteOptionalParameters()); -} else { -// this is not ideal - it is only done to have OIDC Implicit to have an id_token added -// via AccessTokenResponseFilter. Note if id_token is needed (with or without access token) -// then the service needs to be injected with SubjectCreator, example, DefaultSubjectCreator -// extension which will have a chance to attach id_token to Subject properties which are checked -// by id_token AccessTokenResponseFilter. If at is also needed then OAuthDataProvider may deal -// with attaching id_token itself in which