Temporal: Certification changes #1786
Conversation
|
Kudos, SonarCloud Quality Gate passed! |
| @@ -289,6 +290,11 @@ private Response requestAuthorization( | |||
| isPromptFromJwt = true; | |||
| } | |||
|
|
|||
| if (jwtRequest.getResponseMode() != null) { | |||
There was a problem hiding this comment.
| @@ -208,7 +208,7 @@ private Response registerClientImpl(String requestParams, HttpServletRequest htt | |||
| log.debug("The Initiate Login Uri is invalid. The initiate_login_uri must use the https schema: " + r.getInitiateLoginUri()); | |||
| throw errorResponseFactory.createWebApplicationException( | |||
| Response.Status.BAD_REQUEST, | |||
| RegisterErrorResponseType.INVALID_CLAIMS_REDIRECT_URI, | |||
| RegisterErrorResponseType.INVALID_CLIENT_METADATA, | |||
There was a problem hiding this comment.
| @@ -306,6 +307,10 @@ public boolean validateRedirectUris(List<GrantType> grantTypes, List<ResponseTyp | |||
| } catch (Exception e) { | |||
| log.debug(e.getMessage(), e); | |||
| valid = false; | |||
| } finally { | |||
| if (!valid) { | |||
| noRedirectUriInSectorIdentifierUri = true; | |||
There was a problem hiding this comment.
Sounds like we can directly throw exception here and remove noRedirectUriInSectorIdentifierUri variable.
throw errorResponseFactory.createWebApplicationException(Response.Status.BAD_REQUEST, RegisterErrorResponseType.INVALID_CLIENT_METADATA, "Failed to validate redirect uris. No redirect_uri in sector_identifier_uri content.");
There was a problem hiding this comment.
I have moved the changes from Jans to oxAuth.
This is the Jans reference issue: JanssenProject/jans#3639.
Now that we can improve it like this would be ideal.
But we should test the certification again for that case.
If the certification comes out successful, we can take it to Jans as well.
| @@ -143,7 +143,7 @@ public Response requestRegister(String requestParams, HttpServletRequest httpReq | |||
| } | |||
|
|
|||
| private Response registerClientImpl(String requestParams, HttpServletRequest httpRequest, SecurityContext securityContext) { | |||
| Response.ResponseBuilder builder = Response.ok(); | |||
| Response.ResponseBuilder builder = Response.status(201); | |||
There was a problem hiding this comment.
We need backward compatibility support.
Response.ResponseBuilder builder = Response.status(CREATED);
if (appConfiguration.getReturn200OnClientRegistration()) {
builder = Response.ok();
}
There was a problem hiding this comment.
I think this is excellent, I can work on it.
| || (responseTypes.contains(ResponseType.ID_TOKEN) && responseTypes.size() == 1) | ||
| || (responseTypes.contains(ResponseType.ID_TOKEN) && responseTypes.contains(ResponseType.TOKEN)) | ||
| || (responseTypes.contains(ResponseType.TOKEN) && responseTypes.size() == 1))) { | ||
| return false; |
There was a problem hiding this comment.
We should retire this validateParams, add new validateResponseType and throw error directly
public void validateResponseType(List<ResponseType> responseTypes, String nonce) {
if (!existsNonce && ((responseTypes.contains(ResponseType.CODE) && responseTypes.contains(ResponseType.ID_TOKEN))
|| (responseTypes.contains(ResponseType.ID_TOKEN) && responseTypes.size() == 1)
|| (responseTypes.contains(ResponseType.ID_TOKEN) && responseTypes.contains(ResponseType.TOKEN))
|| (responseTypes.contains(ResponseType.TOKEN) && responseTypes.size() == 1))) {
throw new WebApplicationException(...);
}
|
This PR has already been separated into multiple PRs for review by parts, I will proceed to close. |
These are the changes you made during Gluu 4.5 certification