From 5b690dfb3a2b530a359bef3f4c5405e014f2d847 Mon Sep 17 00:00:00 2001 From: Joe Grandja Date: Mon, 27 Mar 2023 11:39:44 -0400 Subject: [PATCH] Avoid persisting client principal in device authorization request Issue gh-1106 --- .../OAuth2DeviceAuthorizationRequestAuthenticationProvider.java | 2 -- 1 file changed, 2 deletions(-) diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2DeviceAuthorizationRequestAuthenticationProvider.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2DeviceAuthorizationRequestAuthenticationProvider.java index 86edb109..d21ed9c4 100644 --- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2DeviceAuthorizationRequestAuthenticationProvider.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2DeviceAuthorizationRequestAuthenticationProvider.java @@ -15,7 +15,6 @@ */ package org.springframework.security.oauth2.server.authorization.authentication; -import java.security.Principal; import java.time.Instant; import java.util.Base64; import java.util.HashSet; @@ -159,7 +158,6 @@ public final class OAuth2DeviceAuthorizationRequestAuthenticationProvider implem .authorizationGrantType(AuthorizationGrantType.DEVICE_CODE) .token(deviceCode) .token(userCode) - .attribute(Principal.class.getName(), clientPrincipal) .attribute(OAuth2ParameterNames.SCOPE, new HashSet<>(requestedScopes)) .build(); // @formatter:on