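/**
 * Validates the grant types and secret of a client registration before it is stored.
 *
 * <p>Every authorized grant type must be one of the five known OAuth2 grants. On creation the
 * secret is additionally checked against the grant types: a client that uses only the implicit
 * grant must not carry a secret, and every other client must have one. Update requests skip the
 * secret check so an existing stored secret is not disturbed.
 *
 * @param client the client registration supplied by the caller (admin-supplied input)
 * @param create {@code true} when the client is being created, {@code false} on update
 * @throws InvalidClientDetailsException if the grant types are missing, a grant type is unknown,
 *     or (on create) the secret is inconsistent with the grant types
 */
private void validateClient(ClientDetails client, boolean create) {
    final Set<String> validGrants = new HashSet<String>(Arrays.asList(
            "implicit", "password", "client_credentials", "authorization_code", "refresh_token"));
    Set<String> grantTypes = client.getAuthorizedGrantTypes();
    if (grantTypes == null) {
        // A missing grant-type set is a validation error of the request, not a server fault;
        // previously this surfaced as a NullPointerException from the loop below.
        throw new InvalidClientDetailsException("authorized_grant_types must be specified");
    }
    for (String grant : grantTypes) {
        if (!validGrants.contains(grant)) {
            throw new InvalidClientDetailsException(
                    grant + " is not an allowed grant type. Must be one of: " + validGrants.toString());
        }
    }
    if (!create) {
        return; // Only check for missing secret if client is being created.
    }
    boolean implicitOnly = grantTypes.size() == 1 && grantTypes.contains("implicit");
    boolean hasSecret = StringUtils.hasText(client.getClientSecret());
    if (implicitOnly && hasSecret) {
        throw new InvalidClientDetailsException("implicit grant does not require a client_secret");
    }
    if (!implicitOnly && !hasSecret) {
        throw new InvalidClientDetailsException("client_secret is required for non-implicit grant types");
    }
}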
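/**
 * Builds the positional parameter array for the client UPDATE statement.
 *
 * <p>Collection-valued fields are stored as comma-delimited strings ({@code null} stays
 * {@code null}); the additional information map is serialized to JSON. The parameter order must
 * match the column order of the update SQL, which is defined outside this method.
 *
 * <p>If the additional information cannot be serialized, the failure is logged and {@code null}
 * is written in its place. This is a deliberate best-effort: the update still succeeds, but the
 * stored additional information is cleared for that client.
 *
 * @param clientDetails the client whose fields are being persisted
 * @return the parameters in SQL column order, ending with the client id used in the WHERE clause
 */
private Object[] getFieldsForUpdate(ClientDetails clientDetails) {
    String json = null;
    try {
        json = mapper.write(clientDetails.getAdditionalInformation());
    } catch (Exception e) {
        // Log only the client id rather than the whole object: a ClientDetails implementation's
        // toString() can include the client secret, which must not reach the log.
        logger.warn("Could not serialize additional information for client: "
                + clientDetails.getClientId(), e);
    }
    return new Object[] {
            joinOrNull(clientDetails.getResourceIds()),
            joinOrNull(clientDetails.getScope()),
            joinOrNull(clientDetails.getAuthorizedGrantTypes()),
            joinOrNull(clientDetails.getRegisteredRedirectUri()),
            joinOrNull(clientDetails.getAuthorities()),
            clientDetails.getAccessTokenValiditySeconds(),
            clientDetails.getRefreshTokenValiditySeconds(),
            json,
            getAutoApproveScopes(clientDetails),
            clientDetails.getClientId()
    };
}

/** Joins a collection into a comma-delimited string, passing {@code null} through unchanged. */
private static String joinOrNull(java.util.Collection<?> values) {
    return values != null ? StringUtils.collectionToCommaDelimitedString(values) : null;
}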
/**
 * Tells whether a refresh token may be issued for the client of the given request.
 *
 * <p>When a {@link ClientDetailsService} is configured, the answer is read from the client's
 * authorized grant types (it must list {@code refresh_token}); otherwise the global
 * {@code supportRefreshToken} flag decides.
 *
 * @param authorizationRequest the current authorization request
 * @return {@code true} if a refresh token is supported for this client
 */
protected boolean isSupportRefreshToken(OAuth2Request authorizationRequest) {
    if (clientDetailsService == null) {
        return this.supportRefreshToken;
    }
    String clientId = authorizationRequest.getClientId();
    ClientDetails client = clientDetailsService.loadClientByClientId(clientId);
    return client.getAuthorizedGrantTypes().contains("refresh_token");
}
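/**
 * Returns a copy of the client with the secret withheld, for returning to API callers.
 *
 * <p>Only the secret is dropped. Refresh token validity and additional information are carried
 * over as well; omitting them made the returned view disagree with the fields that are persisted
 * for a client.
 *
 * @param client the client to sanitize; must not be {@code null}
 * @return a new {@link BaseClientDetails} with every attribute of {@code client} except its secret
 */
private ClientDetails removeSecret(ClientDetails client) {
    BaseClientDetails details = new BaseClientDetails();
    details.setClientId(client.getClientId());
    details.setScope(client.getScope());
    details.setResourceIds(client.getResourceIds());
    details.setAuthorizedGrantTypes(client.getAuthorizedGrantTypes());
    details.setRegisteredRedirectUri(client.getRegisteredRedirectUri());
    details.setAuthorities(client.getAuthorities());
    details.setAccessTokenValiditySeconds(client.getAccessTokenValiditySeconds());
    details.setRefreshTokenValiditySeconds(client.getRefreshTokenValiditySeconds());
    // Null-guarded: the setter copies the map, and an implementation may return no map at all.
    // NOTE(review): additional information is a free-form map; if a deployment stores sensitive
    // values in it, they should be filtered here as well — confirm against usage.
    if (client.getAdditionalInformation() != null) {
        details.setAdditionalInformation(client.getAdditionalInformation());
    }
    return details;
}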
/**
 * Resolves the redirect URI to use for an authorization request.
 *
 * <p>The client must have at least one authorized grant type, and at least one of them must be a
 * redirect-based grant as decided by {@link #containsRedirectGrantType}. If the client has
 * registered redirect URIs, the requested value is checked against them by
 * {@link #obtainMatchingRedirect}; otherwise the requested value is returned as supplied.
 *
 * <p>Security note: the no-registered-URI branch trusts the caller-supplied
 * {@code requestedRedirect} outright, so the authorization response (code or token) is sent to
 * whatever URI the request names. Registering redirect URIs for every client that uses a
 * redirect-based grant ensures only the matching branch is ever taken.
 *
 * @param requestedRedirect the redirect_uri parameter from the request; may be blank
 * @param client the client making the request
 * @return the redirect URI to send the user agent to
 * @throws InvalidGrantException if the client has no grant types, or none that uses a redirect
 * @throws RedirectMismatchException if no redirect URI is registered and none was supplied;
 *     {@code obtainMatchingRedirect} applies its own rules when registered URIs exist
 */
public String resolveRedirect(String requestedRedirect, ClientDetails client) throws OAuth2Exception {
    Set<String> grantTypes = client.getAuthorizedGrantTypes();
    if (grantTypes.isEmpty()) {
        throw new InvalidGrantException("A client must have at least one authorized grant type.");
    }
    if (!containsRedirectGrantType(grantTypes)) {
        throw new InvalidGrantException(
                "A redirect_uri can only be used by implicit or authorization_code grant types.");
    }
    Set<String> registered = client.getRegisteredRedirectUri();
    boolean hasRegistered = registered != null && !registered.isEmpty();
    if (hasRegistered) {
        return obtainMatchingRedirect(registered, requestedRedirect);
    }
    if (!StringUtils.hasText(requestedRedirect)) {
        throw new RedirectMismatchException("A redirect_uri must be supplied.");
    }
    return requestedRedirect;
}