Skip to content

Fixed validation in ClientRegistration.Builder #7047

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Jul 3, 2019

Conversation

edouardhue
Copy link
Contributor

ClientRegistration.Builder defaulted to validating as an
authorization code registration, though a custom grant type could be in
use. The actual grant type is now verified for every case.

  • Fixed validation in ClientRegistration.Builder
  • New test that fails unless the issue is fixed.

Also made OAuth2AuthorizationGrantRequestEntityUtils public to help
implementing custom token response clients.

Fixes #7040

Copy link
Member

@rwinch rwinch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the PR @edouardhue!

I don't think we want to make OAuth2AuthorizationGrantRequestEntityUtils public because it wasn't really designed for external usage.

If we did make such a change, we'd want to do this in a separate ticket. Can you please remove the public modifier changes and we can get this merged? Then we can discuss on a separate ticket what exactly you are needing.

@rwinch rwinch added status: waiting-for-feedback We need additional information before we can continue and removed status: waiting-for-triage An issue we've not yet triaged labels Jun 28, 2019
@rwinch rwinch self-assigned this Jun 28, 2019
ClientRegistration.Builder defaulted to validating as an
authorization_code registration, though a custom grant type could be in
use. The actual grant_type is now verified for every case.
 - Fixed validation in ClientRegistration.Builder
 - New test that fails unless the issue is fixed.

Also made OAuth2AuthorizationGrantRequestEntityUtils public to help
implementing custom token response clients.

Fixes spring-projectsgh-7040
@edouardhue
Copy link
Contributor Author

@rwinch Ok, that's undone. I'll consider another ticket for this need.

@spring-projects-issues spring-projects-issues added status: feedback-provided Feedback has been provided and removed status: waiting-for-feedback We need additional information before we can continue labels Jul 1, 2019
@rwinch rwinch added in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: bug A general bug and removed status: feedback-provided Feedback has been provided labels Jul 3, 2019
@rwinch rwinch added this to the 5.2.0.RC1 milestone Jul 3, 2019
@rwinch rwinch merged commit 3c14725 into spring-projects:master Jul 3, 2019
@rwinch rwinch added the status: duplicate A duplicate of another issue label Jul 3, 2019
@rwinch
Copy link
Member

rwinch commented Jul 3, 2019

Thanks for the updates @edouardhue! This is now merged into master and backported to 5.1.x

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: duplicate A duplicate of another issue type: bug A general bug
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Can't use a custom authorization grant type in a ClientRegistration
3 participants