Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Implement XYZ Protocol #1536

Draft
wants to merge 6 commits into
base: master
Choose a base branch
from
Draft
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -10,3 +10,4 @@ bin
/target
.springBeans
nb-configuration.xml
.factorypath
5 changes: 5 additions & 0 deletions openid-connect-common/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -87,6 +87,11 @@
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
</dependency>
<dependency>
<groupId>javax.annotation</groupId>
<artifactId>javax.annotation-api</artifactId>
<version>1.3.1</version>
</dependency>
</dependencies>

<packaging>jar</packaging>
Expand Down
12 changes: 11 additions & 1 deletion openid-connect-server-webapp/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -142,11 +142,21 @@
<groupId>javax.servlet</groupId>
<artifactId>jstl</artifactId>
</dependency>

<dependency>
<groupId>com.zaxxer</groupId>
<artifactId>HikariCP</artifactId>
</dependency>
<dependency>
<groupId>javax.xml.bind</groupId>
<artifactId>jaxb-api</artifactId>
<version>2.3.1</version>
</dependency>
<dependency>
<groupId>org.glassfish.jaxb</groupId>
<artifactId>jaxb-runtime</artifactId>
<version>2.3.1</version>
<scope>runtime</scope>
</dependency>
</dependencies>
<description>Deployable package of the OpenID Connect server</description>
</project>
75 changes: 23 additions & 52 deletions openid-connect-server-webapp/src/main/resources/db/hsql/clients.sql
Original file line number Diff line number Diff line change
Expand Up @@ -10,60 +10,31 @@ START TRANSACTION;
-- Insert client information into the temporary tables. To add clients to the HSQL database, edit things here.
--

INSERT INTO client_details_TEMP (client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection) VALUES
('client', 'secret', 'Test Client', false, null, 3600, 600, true);

INSERT INTO client_scope_TEMP (owner_id, scope) VALUES
('client', 'openid'),
('client', 'profile'),
('client', 'email'),
('client', 'address'),
('client', 'phone'),
('client', 'offline_access');

INSERT INTO client_redirect_uri_TEMP (owner_id, redirect_uri) VALUES
('client', 'http://localhost/'),
('client', 'http://localhost:8080/');
INSERT INTO client_details (client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection, jwks, token_endpoint_auth_method) VALUES
('client', 'secret', 'Test Client', false, null, 3600, 600, true,
'{"keys": [{ "kty": "RSA", "d": "m1M7uj1uZMgQqd2qwqBk07rgFzbzdCAbsfu5kvqoALv3oRdyi_UVHXDhos3DZVQ3M6mKgb30XXESykY8tpWcQOU-qx6MwtSFbo-3SNx9fBtylyQosHECGyleVP79YTE4mC0odRoUIDS90J9AcFsdVtC6M2oJ3CCL577a-lJg6eYyQoRmbjdzqMnBFJ99TCfR6wBQQbzXi1K_sN6gcqhxMmQXHWlqfT7-AJIxX9QUF0rrXMMX9fPh-HboGKs2Dqoo3ofJ2XuePpmpVDvtGy_jenXmUdpsRleqnMrEI2qkBonJQSKL4HPNpsylbQyXt2UtYrzcopCp7jL-j56kRPpQAQ", "e": "AQAB", "kid": "xyz-client", "alg": "RS256", "n": "zwCT_3bx-glbbHrheYpYpRWiY9I-nEaMRpZnRrIjCs6b_emyTkBkDDEjSysi38OC73hj1-WgxcPdKNGZyIoH3QZen1MKyyhQpLJG1-oLNLqm7pXXtdYzSdC9O3-oiyy8ykO4YUyNZrRRfPcihdQCbO_OC8Qugmg9rgNDOSqppdaNeas1ov9PxYvxqrz1-8Ha7gkD00YECXHaB05uMaUadHq-O_WIvYXicg6I5j6S44VNU65VBwu-AlynTxQdMAWP3bYxVVy6p3-7eTJokvjYTFqgDVDZ8lUXbr5yCTnRhnhJgvf3VjD_malNe8-tOqK5OSDlHTy6gD9NqdGCm-Pm3Q" }]}',
'PRIVATE_KEY');

INSERT INTO client_scope (owner_id, scope) VALUES
(1, 'openid'),
(1, 'profile'),
(1, 'email'),
(1, 'address'),
(1, 'phone'),
(1, 'offline_access');

INSERT INTO client_redirect_uri (owner_id, redirect_uri) VALUES
(1, 'http://localhost/'),
(1, 'http://localhost:8080/'),
(1, 'http://host.docker.internal:9834/api/client/callback');

INSERT INTO client_grant_type_TEMP (owner_id, grant_type) VALUES
('client', 'authorization_code'),
('client', 'urn:ietf:params:oauth:grant_type:redelegate'),
('client', 'urn:ietf:params:oauth:grant-type:device_code'),
('client', 'implicit'),
('client', 'refresh_token');
INSERT INTO client_grant_type (owner_id, grant_type) VALUES
(1, 'authorization_code'),
(1, 'urn:ietf:params:oauth:grant_type:redelegate'),
(1, 'urn:ietf:params:oauth:grant-type:device_code'),
(1, 'implicit'),
(1, 'refresh_token');

--
-- Merge the temporary clients safely into the database. This is a two-step process to keep clients from being created on every startup with a persistent store.
--

MERGE INTO client_details
USING (SELECT client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection FROM client_details_TEMP) AS vals(client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection)
ON vals.client_id = client_details.client_id
WHEN NOT MATCHED THEN
INSERT (client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection) VALUES(client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection);

MERGE INTO client_scope
USING (SELECT id, scope FROM client_scope_TEMP, client_details WHERE client_details.client_id = client_scope_TEMP.owner_id) AS vals(id, scope)
ON vals.id = client_scope.owner_id AND vals.scope = client_scope.scope
WHEN NOT MATCHED THEN
INSERT (owner_id, scope) values (vals.id, vals.scope);

MERGE INTO client_redirect_uri
USING (SELECT id, redirect_uri FROM client_redirect_uri_TEMP, client_details WHERE client_details.client_id = client_redirect_uri_TEMP.owner_id) AS vals(id, redirect_uri)
ON vals.id = client_redirect_uri.owner_id AND vals.redirect_uri = client_redirect_uri.redirect_uri
WHEN NOT MATCHED THEN
INSERT (owner_id, redirect_uri) values (vals.id, vals.redirect_uri);

MERGE INTO client_grant_type
USING (SELECT id, grant_type FROM client_grant_type_TEMP, client_details WHERE client_details.client_id = client_grant_type_TEMP.owner_id) AS vals(id, grant_type)
ON vals.id = client_grant_type.owner_id AND vals.grant_type = client_grant_type.grant_type
WHEN NOT MATCHED THEN
INSERT (owner_id, grant_type) values (vals.id, vals.grant_type);

--
-- Close the transaction and turn autocommit back on
--

COMMIT;

SET AUTOCOMMIT TRUE;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -382,3 +382,22 @@ CREATE TABLE IF NOT EXISTS device_code_request_parameter (
param VARCHAR(2048),
val VARCHAR(2048)
);

CREATE TABLE IF NOT EXISTS transaction (
id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY,
handle VARCHAR(1024),
interaction VARCHAR(1024),
client_id BIGINT NOT NULL,
status VARCHAR(256),
callback_uri VARCHAR(1024),
client_nonce VARCHAR(1024),
server_nonce VARCHAR(1024),
interaction_ref VARCHAR(1024),
hash_method VARCHAR(256),
auth_holder_id BIGINT
);

CREATE TABLE IF NOT EXISTS transaction_scope (
owner_id BIGINT NOT NULL,
scope VARCHAR(256) NOT NULL
);
Original file line number Diff line number Diff line change
Expand Up @@ -120,6 +120,18 @@
<security:access-denied-handler ref="oauthAccessDeniedHandler" />
<security:csrf disabled="true"/>
</security:http>

<security:http pattern="/transaction"
create-session="stateless"
use-expressions="true"
entry-point-ref="http403EntryPoint"
>

<security:intercept-url pattern="/token" access="permitAll" /> <!-- handle authentication internally for now -->
<security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />
<security:csrf disabled="true"/>

</security:http>

<!-- Allow open access to discovery endpoints -->
<security:http pattern="/#{T(org.mitre.openid.connect.web.JWKSetPublishingEndpoint).URL}**" use-expressions="true" entry-point-ref="http403EntryPoint" create-session="stateless">
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -16,11 +16,11 @@
<meta name="author" content="">

<!-- stylesheets -->
<link href="resources/bootstrap2/css/bootstrap.css" rel="stylesheet">
<link href="resources/css/bootstrap.css" rel="stylesheet">
<link href="resources/css/bootstrap-sheet.css" rel="stylesheet">
<link href="resources/css/mitreid-connect.css" rel="stylesheet">
<link href="resources/css/mitreid-connect-local.css" rel="stylesheet">
<link href="resources/bootstrap2/css/bootstrap-responsive.css" rel="stylesheet">
<link href="resources/css/bootstrap-responsive.css" rel="stylesheet">
<link href="resources/css/mitreid-connect-responsive.css" rel="stylesheet">
<link href="resources/css/mitreid-connect-responsive-local.css" rel="stylesheet">

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@
</h1>

<form name="confirmationForm"
action="${ config.issuer }${ config.issuer.endsWith('/') ? '' : '/' }authorize" method="post">
action="${ config.issuer }${ config.issuer.endsWith('/') ? '' : '/' }${ form_target } " method="post">

<div class="row">
<div class="span5 offset1 well-small" style="text-align: left">
Expand Down
Loading