/**
 * Returns the secret of the wrapped client.
 *
 * @return whatever the wrapped client's own accessor reports, possibly {@code null}
 * @see org.mitre.oauth2.model.ClientDetailsEntity#getClientSecret()
 */
public String getClientSecret() {
    final String wrappedSecret = client.getClientSecret();
    return wrappedSecret;
}
/**
 * Returns a symmetric signing and validation service for the given client, taken from (or loaded
 * into) the validator cache.
 *
 * <p>The cache is looked up with the raw client secret, so the secret string itself is the cache
 * key. Every failure is logged and reported as {@code null} instead of thrown; the log lines name
 * the client ID but never the secret.
 *
 * @param client the client whose shared secret keys the service; may be {@code null}
 * @return the cached or freshly loaded service, or {@code null} when the client is missing, has no
 *         secret, or the cache loader failed
 */
public JWTSigningAndValidationService getSymmetricValidtor(ClientDetailsEntity client) {
    if (client == null) {
        logger.error("Couldn't create symmetric validator for null client");
        return null;
    }
    final String sharedSecret = client.getClientSecret();
    if (Strings.isNullOrEmpty(sharedSecret)) {
        logger.error("Couldn't create symmetric validator for client " + client.getClientId() + " without a client secret");
        return null;
    }
    try {
        return validators.get(sharedSecret);
    } catch (UncheckedExecutionException | ExecutionException loadFailure) {
        // The checked and the unchecked cache-loader failure are handled identically.
        logger.error("Problem loading client validator", loadFailure);
        return null;
    }
}
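/**
 * Loads a client as a Spring Security {@link UserDetails} so that it can authenticate with its
 * client ID as username and its client secret as password.
 *
 * <p>Clients that must not authenticate with a secret -- every client while HEART mode is on, and
 * any client whose token endpoint auth method is {@code PRIVATE_KEY} or {@code SECRET_JWT} -- are
 * given a fresh random password on every load, so a presented secret can never match and password
 * authentication can neither be used nor skipped for them (see #715). Every loaded client is
 * granted {@code ROLE_CLIENT} in addition to its configured authorities.
 *
 * @param clientId the client ID presented as the username
 * @return the client as an enabled, non-expired, non-locked user with its (possibly substituted)
 *         secret as password
 * @throws UsernameNotFoundException if no client with that ID exists or the ID is rejected as
 *         invalid by the client details service (the original failure is kept as the cause)
 */
@Override
public UserDetails loadUserByUsername(String clientId) throws UsernameNotFoundException {
    try {
        ClientDetailsEntity client = clientDetailsService.loadClientByClientId(clientId);
        if (client == null) {
            throw new UsernameNotFoundException("Client not found: " + clientId);
        }
        // NOTE(review): a client with no stored secret (auth method NONE clears it) is loaded with
        // an empty-string password; confirm the authentication provider rejects an empty presented
        // secret instead of matching it.
        String password = Strings.nullToEmpty(client.getClientSecret());
        if (secretAuthDisabled(client)) {
            // Issue a random password each time to prevent password auth from being used (or skipped)
            // for private key or shared key clients, see #715
            password = new BigInteger(512, new SecureRandom()).toString(16);
        }
        Collection<GrantedAuthority> authorities = new HashSet<>(client.getAuthorities());
        authorities.add(ROLE_CLIENT);
        // enabled, accountNonExpired, credentialsNonExpired, accountNonLocked are all true.
        return new User(clientId, password, true, true, true, true, authorities);
    } catch (InvalidClientException e) {
        // Preserve the original exception as the cause rather than discarding it.
        throw new UsernameNotFoundException("Client not found: " + clientId, e);
    }
}

/**
 * Whether secret-based authentication must be disabled for this client: always in HEART mode,
 * otherwise whenever the client authenticates with a private key or a client-secret JWT.
 */
private boolean secretAuthDisabled(ClientDetailsEntity client) {
    if (config.isHeartMode()) {
        // if we're running HEART mode turn off all client secrets
        return true;
    }
    AuthMethod method = client.getTokenEndpointAuthMethod();
    return method != null && (method.equals(AuthMethod.PRIVATE_KEY) || method.equals(AuthMethod.SECRET_JWT));
}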
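/**
 * Loads a client as a Spring Security {@link UserDetails}, URL-decoding the presented client ID
 * before lookup and URL-encoding the stored secret before handing it out as the password.
 *
 * <p>Clients that must not authenticate with a secret -- every client while HEART mode is on, and
 * any client whose token endpoint auth method is {@code PRIVATE_KEY} or {@code SECRET_JWT} -- are
 * given a fresh random password on every load, so a presented secret can never match and password
 * authentication can neither be used nor skipped for them (see #715). Every loaded client is
 * granted {@code ROLE_CLIENT} in addition to its configured authorities.
 *
 * @param clientId the client ID as presented, expected to be URL-encoded
 * @return the decoded client ID as an enabled, non-expired, non-locked user whose password is the
 *         path-segment-encoded secret (or a random substitute)
 * @throws UsernameNotFoundException if no client with that ID exists, the ID is rejected as invalid
 *         by the client details service, or UTF-8 decoding is unavailable (the original failure is
 *         kept as the cause)
 */
@Override
public UserDetails loadUserByUsername(String clientId) throws UsernameNotFoundException {
    try {
        // presumably the ID arrives URL-encoded from the authentication filter; decode before lookup
        String decodedClientId = UriUtils.decode(clientId, "UTF-8");
        ClientDetailsEntity client = clientDetailsService.loadClientByClientId(decodedClientId);
        if (client == null) {
            throw new UsernameNotFoundException("Client not found: " + clientId);
        }
        // NOTE(review): a client with no stored secret (auth method NONE clears it) is loaded with
        // an empty-string password; confirm the authentication provider rejects an empty presented
        // secret instead of matching it.
        String encodedPassword = UriUtils.encodePathSegment(Strings.nullToEmpty(client.getClientSecret()), "UTF-8");
        if (secretAuthDisabled(client)) {
            // Issue a random password each time to prevent password auth from being used (or skipped)
            // for private key or shared key clients, see #715
            encodedPassword = new BigInteger(512, new SecureRandom()).toString(16);
        }
        Collection<GrantedAuthority> authorities = new HashSet<>(client.getAuthorities());
        authorities.add(ROLE_CLIENT);
        // enabled, accountNonExpired, credentialsNonExpired, accountNonLocked are all true.
        return new User(decodedClientId, encodedPassword, true, true, true, true, authorities);
    } catch (UnsupportedEncodingException | InvalidClientException e) {
        // Preserve the original exception as the cause rather than discarding it.
        throw new UsernameNotFoundException("Client not found: " + clientId, e);
    }
}

/**
 * Whether secret-based authentication must be disabled for this client: always in HEART mode,
 * otherwise whenever the client authenticates with a private key or a client-secret JWT.
 */
private boolean secretAuthDisabled(ClientDetailsEntity client) {
    if (config.isHeartMode()) {
        // if we're running HEART mode turn off all client secrets
        return true;
    }
    AuthMethod method = client.getTokenEndpointAuthMethod();
    return method != null && (method.equals(AuthMethod.PRIVATE_KEY) || method.equals(AuthMethod.SECRET_JWT));
}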
|| Strings.isNullOrEmpty(client.getClientSecret())) { client = clientService.generateClientSecret(client);
|| Strings.isNullOrEmpty(client.getClientSecret())) { client = clientService.generateClientSecret(client);
if (!Strings.isNullOrEmpty(client.getClientSecret())) { throw new IllegalArgumentException("[HEART mode] Client secrets are not allowed");
writeNullSafeArray(writer, client.getResourceIds()); writer.name(SECRET).value(client.getClientSecret());
newClient.setClientSecret(oldClient.getClientSecret());
newClient.setClientSecret(oldClient.getClientSecret());
/**
 * Normalises a client's token endpoint authentication settings before it is stored.
 *
 * <p>A missing auth method defaults to {@code SECRET_BASIC}. The shared-secret methods
 * ({@code SECRET_BASIC}, {@code SECRET_JWT}, {@code SECRET_POST}) get a generated secret when the
 * client has none. {@code PRIVATE_KEY} clients must supply a JWK Set by URI or by value and have
 * any secret cleared, so a leftover secret cannot be used in place of the key; {@code NONE} clients
 * likewise have their secret cleared.
 *
 * @param newClient the client being registered or updated; modified in place
 * @return the normalised client (the instance handed back by the client service when a secret had
 *         to be generated)
 * @throws ValidationException ({@code invalid_client_metadata}) if a private-key client provides no
 *         JWK Set, or the auth method is not recognised
 */
private ClientDetailsEntity validateAuth(ClientDetailsEntity newClient) throws ValidationException {
    if (newClient.getTokenEndpointAuthMethod() == null) {
        newClient.setTokenEndpointAuthMethod(AuthMethod.SECRET_BASIC);
    }
    switch (newClient.getTokenEndpointAuthMethod()) {
        case SECRET_BASIC:
        case SECRET_JWT:
        case SECRET_POST:
            // no secret yet, we need to generate a secret
            if (Strings.isNullOrEmpty(newClient.getClientSecret())) {
                newClient = clientService.generateClientSecret(newClient);
            }
            break;
        case PRIVATE_KEY:
            if (Strings.isNullOrEmpty(newClient.getJwksUri()) && newClient.getJwks() == null) {
                throw new ValidationException("invalid_client_metadata", "JWK Set URI required when using private key authentication", HttpStatus.BAD_REQUEST);
            }
            // Key-based clients must not also carry a usable shared secret.
            newClient.setClientSecret(null);
            break;
        case NONE:
            newClient.setClientSecret(null);
            break;
        default:
            throw new ValidationException("invalid_client_metadata", "Unknown authentication method", HttpStatus.BAD_REQUEST);
    }
    return newClient;
}
/**
 * Normalises a client's token endpoint authentication settings before it is stored.
 *
 * <p>A missing auth method defaults to {@code SECRET_BASIC}. The shared-secret methods
 * ({@code SECRET_BASIC}, {@code SECRET_JWT}, {@code SECRET_POST}) get a generated secret when the
 * client has none. {@code PRIVATE_KEY} clients must supply a JWK Set by URI or by value and have
 * any secret cleared, so a leftover secret cannot be used in place of the key; {@code NONE} clients
 * likewise have their secret cleared.
 *
 * @param newClient the client being registered or updated; modified in place
 * @return the normalised client (the instance handed back by the client service when a secret had
 *         to be generated)
 * @throws ValidationException ({@code invalid_client_metadata}) if a private-key client provides no
 *         JWK Set, or the auth method is not recognised
 */
private ClientDetailsEntity validateAuth(ClientDetailsEntity newClient) throws ValidationException {
    if (newClient.getTokenEndpointAuthMethod() == null) {
        newClient.setTokenEndpointAuthMethod(AuthMethod.SECRET_BASIC);
    }
    final AuthMethod method = newClient.getTokenEndpointAuthMethod();
    final boolean usesSharedSecret = method == AuthMethod.SECRET_BASIC
            || method == AuthMethod.SECRET_JWT
            || method == AuthMethod.SECRET_POST;
    if (usesSharedSecret) {
        // no secret yet, we need to generate a secret
        if (Strings.isNullOrEmpty(newClient.getClientSecret())) {
            newClient = clientService.generateClientSecret(newClient);
        }
        return newClient;
    }
    if (method == AuthMethod.PRIVATE_KEY) {
        final boolean hasJwkSet = !Strings.isNullOrEmpty(newClient.getJwksUri()) || newClient.getJwks() != null;
        if (!hasJwkSet) {
            throw new ValidationException("invalid_client_metadata", "JWK Set URI required when using private key authentication", HttpStatus.BAD_REQUEST);
        }
        // Key-based clients must not also carry a usable shared secret.
        newClient.setClientSecret(null);
        return newClient;
    }
    if (method == AuthMethod.NONE) {
        newClient.setClientSecret(null);
        return newClient;
    }
    throw new ValidationException("invalid_client_metadata", "Unknown authentication method", HttpStatus.BAD_REQUEST);
}
|| Strings.isNullOrEmpty(client.getClientSecret())) { client = clientService.generateClientSecret(client);
|| Strings.isNullOrEmpty(client.getClientSecret())) { client = clientService.generateClientSecret(client);
if (!Strings.isNullOrEmpty(client.getClientSecret())) { throw new IllegalArgumentException("[HEART mode] Client secrets are not allowed");
writeNullSafeArray(writer, client.getResourceIds()); writer.name(SECRET).value(client.getClientSecret());
newClient.setClientSecret(oldClient.getClientSecret());
/**
 * Normalises a client's token endpoint authentication settings before it is stored.
 *
 * <p>A missing auth method defaults to {@code SECRET_BASIC}. The shared-secret methods
 * ({@code SECRET_BASIC}, {@code SECRET_JWT}, {@code SECRET_POST}) get a generated secret when the
 * client has none. {@code PRIVATE_KEY} clients must supply a JWK Set by URI or by value and have
 * any secret cleared, so a leftover secret cannot be used in place of the key; {@code NONE} clients
 * likewise have their secret cleared.
 *
 * @param newClient the client being registered or updated; modified in place
 * @return the normalised client (the instance handed back by the client service when a secret had
 *         to be generated)
 * @throws ValidationException ({@code invalid_client_metadata}) if a private-key client provides no
 *         JWK Set, or the auth method is not recognised
 */
private ClientDetailsEntity validateAuth(ClientDetailsEntity newClient) throws ValidationException {
    if (newClient.getTokenEndpointAuthMethod() == null) {
        newClient.setTokenEndpointAuthMethod(AuthMethod.SECRET_BASIC);
    }
    switch (newClient.getTokenEndpointAuthMethod()) {
        case SECRET_BASIC:
        case SECRET_JWT:
        case SECRET_POST:
            // no secret yet, we need to generate a secret
            if (Strings.isNullOrEmpty(newClient.getClientSecret())) {
                newClient = clientService.generateClientSecret(newClient);
            }
            break;
        case PRIVATE_KEY:
            if (Strings.isNullOrEmpty(newClient.getJwksUri()) && newClient.getJwks() == null) {
                throw new ValidationException("invalid_client_metadata", "JWK Set URI required when using private key authentication", HttpStatus.BAD_REQUEST);
            }
            // Key-based clients must not also carry a usable shared secret.
            newClient.setClientSecret(null);
            break;
        case NONE:
            newClient.setClientSecret(null);
            break;
        default:
            throw new ValidationException("invalid_client_metadata", "Unknown authentication method", HttpStatus.BAD_REQUEST);
    }
    return newClient;
}
newClient.setClientSecret(oldClient.getClientSecret());
/**
 * Normalises a client's token endpoint authentication settings before it is stored.
 *
 * <p>A missing auth method defaults to {@code SECRET_BASIC}. The shared-secret methods
 * ({@code SECRET_BASIC}, {@code SECRET_JWT}, {@code SECRET_POST}) get a generated secret when the
 * client has none. {@code PRIVATE_KEY} clients must supply a JWK Set by URI or by value and have
 * any secret cleared, so a leftover secret cannot be used in place of the key; {@code NONE} clients
 * likewise have their secret cleared.
 *
 * @param newClient the client being registered or updated; modified in place
 * @return the normalised client (the instance handed back by the client service when a secret had
 *         to be generated)
 * @throws ValidationException ({@code invalid_client_metadata}) if a private-key client provides no
 *         JWK Set, or the auth method is not recognised
 */
private ClientDetailsEntity validateAuth(ClientDetailsEntity newClient) throws ValidationException {
    if (newClient.getTokenEndpointAuthMethod() == null) {
        newClient.setTokenEndpointAuthMethod(AuthMethod.SECRET_BASIC);
    }
    final AuthMethod method = newClient.getTokenEndpointAuthMethod();
    final boolean usesSharedSecret = method == AuthMethod.SECRET_BASIC
            || method == AuthMethod.SECRET_JWT
            || method == AuthMethod.SECRET_POST;
    if (usesSharedSecret) {
        // no secret yet, we need to generate a secret
        if (Strings.isNullOrEmpty(newClient.getClientSecret())) {
            newClient = clientService.generateClientSecret(newClient);
        }
        return newClient;
    }
    if (method == AuthMethod.PRIVATE_KEY) {
        final boolean hasJwkSet = !Strings.isNullOrEmpty(newClient.getJwksUri()) || newClient.getJwks() != null;
        if (!hasJwkSet) {
            throw new ValidationException("invalid_client_metadata", "JWK Set URI required when using private key authentication", HttpStatus.BAD_REQUEST);
        }
        // Key-based clients must not also carry a usable shared secret.
        newClient.setClientSecret(null);
        return newClient;
    }
    if (method == AuthMethod.NONE) {
        newClient.setClientSecret(null);
        return newClient;
    }
    throw new ValidationException("invalid_client_metadata", "Unknown authentication method", HttpStatus.BAD_REQUEST);
}