Skip to content

Commit

Permalink
feat(oxauth): added configuration property to AS which will allow to …
Browse files Browse the repository at this point in the history 
…bypass basic client authentication restriction to query only own tokens

#1865
  • Loading branch information
@yuriyz
yuriyz committed Oct 16, 2023
1 parent 5ac197d commit 0d04459
Show file tree
Hide file tree
Showing 2 changed files with 14 additions and 2 deletions.
10 changes: 10 additions & 0 deletions Model/src/main/java/org/gluu/oxauth/model/configuration/AppConfiguration.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -195,6 +195,7 @@ public class AppConfiguration implements Configuration {

private Boolean introspectionAccessTokenMustHaveUmaProtectionScope = false;
private Boolean introspectionSkipAuthorization;
private Boolean introspectionRestrictBasicAuthnToOwnTokens = false;

private Boolean endSessionWithAccessToken;
private String cookieDomain;
Expand Down Expand Up @@ -584,6 +585,15 @@ public void setIntrospectionSkipAuthorization(Boolean introspectionSkipAuthoriza
this.introspectionSkipAuthorization = introspectionSkipAuthorization;
}

public Boolean getIntrospectionRestrictBasicAuthnToOwnTokens() {
if (introspectionRestrictBasicAuthnToOwnTokens == null) introspectionRestrictBasicAuthnToOwnTokens = false;
return introspectionRestrictBasicAuthnToOwnTokens;
}

public void setIntrospectionRestrictBasicAuthnToOwnTokens(Boolean introspectionRestrictBasicAuthnToOwnTokens) {
this.introspectionRestrictBasicAuthnToOwnTokens = introspectionRestrictBasicAuthnToOwnTokens;
}

public Boolean getUmaRptAsJwt() {
return umaRptAsJwt;
}
Expand Down
6 changes: 4 additions & 2 deletions Server/src/main/java/org/gluu/oxauth/introspection/ws/rs/IntrospectionWebService.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,8 @@
import java.nio.charset.StandardCharsets;
import java.util.Iterator;

import static org.apache.commons.lang3.BooleanUtils.isTrue;

/**
* @author Yuriy Zabrovarnyy
* @version June 30, 2018
Expand Down Expand Up @@ -275,13 +277,13 @@ private Pair<AuthorizationGrant, Boolean> getAuthorizationGrant(String authoriza
String password = URLDecoder.decode(token.substring(delim + 1), Util.UTF8_STRING_ENCODING);
if (clientService.authenticate(clientId, password)) {
grant = authorizationGrantList.getAuthorizationGrantByAccessToken(accessToken);
if (grant != null && !grant.getClientId().equals(clientId)) {
if (isTrue(appConfiguration.getIntrospectionRestrictBasicAuthnToOwnTokens()) && grant != null && !grant.getClientId().equals(clientId)) {
log.trace("Failed to match grant object clientId and client id provided during authentication.");
return EMPTY;
}
return new Pair<>(grant, true);
} else {
log.trace("Failed to perform basic authentication for client: " + clientId);
log.trace("Failed to perform basic authentication for client: {}", clientId);
}
}
}
Expand Down

0 comments on commit 0d04459

Please sign in to comment.