Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Reset the client secret when the authentication is set to none #676

Closed
wants to merge 2 commits into from

Conversation

federicaagostini
Copy link
Contributor

When a clients is public (i.e. the "Token endpoint authentication method" box is checked to No authentication) the secret was still present in the db and a token request was resulting in a "Bad credentials" response.

Now the secret is set to null when the client is public and no more authentication is required at the token endpoint.

if (newClient.getTokenEndpointAuthMethod().equals(AuthMethod.NONE)) {
newClient.setTokenEndpointAuthMethod(AuthMethod.NONE);
newClient.setClientSecret(null);
} else if (!newClient.getTokenEndpointAuthMethod().equals(AuthMethod.NONE)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Isnt' the condition !newClient.getTokenEndpointAuthMethod().equals(AuthMethod.NONE) useless, since we are in the else branch of that condition?

if (newClient.getTokenEndpointAuthMethod().equals(AuthMethod.NONE)) {
newClient.setTokenEndpointAuthMethod(AuthMethod.NONE);
newClient.setClientSecret(null);
} else if (!newClient.getTokenEndpointAuthMethod().equals(AuthMethod.NONE)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Idem

@enricovianello enricovianello changed the base branch from master to develop December 10, 2023 22:28
Copy link

SonarCloud Quality Gate failed.    Quality Gate failed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

60.0% 60.0% Coverage
0.0% 0.0% Duplication

idea Catch issues before they fail your Quality Gate with our IDE extension sonarlint SonarLint

@enricovianello
Copy link
Member

Replaced by #677

@enricovianello enricovianello deleted the issue-599 branch January 24, 2024 13:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants