Polish gh-1345

This commit is contained in:
Joe Grandja
2023-10-11 12:04:44 -04:00
parent 9109d3714b
commit 6d21a65ff4
2 changed files with 11 additions and 12 deletions


@@ -196,28 +196,26 @@ public final class OidcClientRegistrationAuthenticationProvider implements Authe
}
RegisteredClient registeredClient = this.registeredClientConverter.convert(clientRegistrationAuthentication.getClientRegistration());
RegisteredClient.Builder registeredClientForDBBuilder = RegisteredClient.from(registeredClient);
RegisteredClient.Builder registeredClientForResponseBuilder = RegisteredClient.from(registeredClient);
if (StringUtils.hasText(registeredClient.getClientSecret())) {
// Encode the client secret
String encodedClientSecret = this.passwordEncoder.encode(registeredClient.getClientSecret());
registeredClientForDBBuilder = registeredClientForDBBuilder
.clientSecret(encodedClientSecret);
RegisteredClient updatedRegisteredClient = RegisteredClient.from(registeredClient)
.clientSecret(this.passwordEncoder.encode(registeredClient.getClientSecret()))
.build();
this.registeredClientRepository.save(updatedRegisteredClient);
if (ClientAuthenticationMethod.CLIENT_SECRET_JWT.getValue().equals(clientRegistrationAuthentication.getClientRegistration().getTokenEndpointAuthenticationMethod())) {
registeredClientForResponseBuilder.clientSecret(encodedClientSecret);
// gh-1344 Return the hashed client_secret
registeredClient = updatedRegisteredClient;
}
} else {
this.registeredClientRepository.save(registeredClient);
}
this.registeredClientRepository.save(registeredClientForDBBuilder.build());
RegisteredClient registeredClientForResponse = registeredClientForResponseBuilder.build();
if (this.logger.isTraceEnabled()) {
this.logger.trace("Saved registered client");
}
OAuth2Authorization registeredClientAuthorization = registerAccessToken(registeredClientForResponse);
OAuth2Authorization registeredClientAuthorization = registerAccessToken(registeredClient);
// Invalidate the "initial" access token as it can only be used once
authorization = OidcAuthenticationProviderUtils.invalidate(authorization, authorization.getAccessToken().getToken());
@@ -230,7 +228,7 @@ public final class OidcClientRegistrationAuthenticationProvider implements Authe
this.logger.trace("Saved authorization with invalidated initial access token");
}
Map<String, Object> clientRegistrationClaims = this.clientRegistrationConverter.convert(registeredClientForResponse).getClaims();
Map<String, Object> clientRegistrationClaims = this.clientRegistrationConverter.convert(registeredClient).getClaims();
OidcClientRegistration clientRegistration = OidcClientRegistration.withClaims(clientRegistrationClaims)
.registrationAccessToken(registeredClientAuthorization.getAccessToken().getToken().getTokenValue())
.build();
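Review bot: The added `// gh-1344 Return the hashed client_secret` comment before `registeredClient = updatedRegisteredClient;` says what is done but not why, and the why is the security-relevant part: on that path the encoded value in `registeredClient` is what the registering client will use as its credential, so the response value must be handled with the same care as a plaintext secret even though it looks like a hash. If the reason is that client_secret_jwt assertions are verified against the stored (encoded) secret, say so: `// gh-1344 client_secret_jwt assertions are verified with the stored (encoded) secret, so return that value; treat it as sensitive as the plaintext`. A smaller point: after this reassignment `registeredClient` changes meaning mid-method (converted registration, then the view returned to the client), which the later `convert(registeredClient)` in the second hunk relies on; a short comment at the reassignment, or immediately before `registerAccessToken(registeredClient)`, would keep that visible. The enclosing method starts and ends outside both hunks.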


@@ -402,6 +402,7 @@ public class OidcClientRegistrationTests {
.andReturn();
}
// gh-1344
@Test
public void requestWhenClientRegistersWithClientSecretJwtThenClientAuthenticationSuccess() throws Exception {
this.spring.register(AuthorizationServerConfiguration.class).autowire();