Avoid persisting client principal in device authorization request

Issue gh-1106
This commit is contained in:
Joe Grandja
2023-03-27 11:39:44 -04:00
parent 1354ca4549
commit 5b690dfb3a

View File

@@ -15,7 +15,6 @@
*/
package org.springframework.security.oauth2.server.authorization.authentication;
import java.security.Principal;
import java.time.Instant;
import java.util.Base64;
import java.util.HashSet;
@@ -159,7 +158,6 @@ public final class OAuth2DeviceAuthorizationRequestAuthenticationProvider implem
.authorizationGrantType(AuthorizationGrantType.DEVICE_CODE)
.token(deviceCode)
.token(userCode)
.attribute(Principal.class.getName(), clientPrincipal)
.attribute(OAuth2ParameterNames.SCOPE, new HashSet<>(requestedScopes))
.build();
// @formatter:on