  1. Nuxeo Platform
  2. NXP-22183

OAuth2: rework consumer registration

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 9.2
    • Component/s: OAuth
    • Impact type:
      API change
    • Upgrade notes:
      Added:

      • OAuth2Client#redirectURIs
      • OAuth2Client#getRedirectURIs
      • OAuth2Client#OAuth2Client(String name, String id, String secret, List<String> redirectURIs)
      • OAuth2Client#isRedirectURIValid(String redirectURI)
      • OAuth2Client#toString()

      Removed OAuth2Client(String name, String id, String secret)

      Added the redirectURIs field to the oauth2Client directory schema.
      When set through the JSF UI it is a required field and needs to be a comma-separated list of valid redirect URIs.
      A valid redirect URI must match this criterion: not be empty AND (start with https OR not start with http (e.g.: nuxeo://authorize) OR match the "http://localhost(:\d+)?(/.*)?" pattern (e.g.: http://localhost:8080/nuxeo))

      If the "redirect_uri" parameter is included when calling GET on /oauth2/authorize, it must match one of the redirect URIs defined in the oauth2Client:redirectURIs property of the registered OAuth2 client.
      Else the first redirect URI of the registered OAuth2 client is used.

      If the "redirect_uri" parameter was included when calling GET on /oauth2/authorize, it needs to be included when calling POST on /oauth2/token and both parameters must match.

    • Sprint:
      nxfit 9.2.2, nxfit 9.2.3, nxfit 9.2.4, nxfit 9.2.5
    • Story Points:
      3
      Description

      • Allow registering a redirect_uri server-side
      • Make fields required: Name, Client Id and Redirect URI

      Use the server-side redirect_uri in NuxeoOAuth2Filter.
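
      The redirect URI rules from the upgrade notes, sketched as an added example that is not Nuxeo's own code: the class RedirectUriRules, its method names and the sample URIs are hypothetical. Exact string comparison against the registered list and accepting a token request when no redirect_uri was sent at authorize are assumptions.

```java
import java.util.List;
import java.util.regex.Pattern;

// Added illustration: class and method names are hypothetical, not Nuxeo code.
public class RedirectUriRules {

    // Localhost exception for plain http, pattern as quoted in the upgrade notes.
    private static final Pattern LOCALHOST = Pattern.compile("http://localhost(:\\d+)?(/.*)?");

    // Registration rule: not empty AND (https OR not http OR http://localhost).
    static boolean isValid(String uri) {
        if (uri == null || uri.trim().isEmpty()) {
            return false;
        }
        String u = uri.trim();
        return u.startsWith("https") || !u.startsWith("http") || LOCALHOST.matcher(u).matches();
    }

    // GET /oauth2/authorize: a supplied redirect_uri must be registered
    // (exact string comparison is an assumption); if absent, use the first one.
    static String resolveAtAuthorize(List<String> registered, String requested) {
        if (requested == null) {
            return registered.get(0);
        }
        if (!registered.contains(requested)) {
            throw new IllegalArgumentException("redirect_uri not registered for this client");
        }
        return requested;
    }

    // POST /oauth2/token: if redirect_uri was sent at authorize, it must be resent unchanged.
    static boolean matchesAtToken(String sentAtAuthorize, String sentAtToken) {
        return sentAtAuthorize == null || sentAtAuthorize.equals(sentAtToken);
    }

    public static void main(String[] args) {
        // Constructed sample values.
        for (String u : List.of("https://app.example.com/cb", "nuxeo://authorize",
                "http://localhost:8080/nuxeo", "http://app.example.com/cb",
                "http://localhost.example.com/", "")) {
            System.out.println(isValid(u) + "\t\"" + u + "\"");
        }
        List<String> registered = List.of("https://app.example.com/cb", "nuxeo://authorize");
        System.out.println(resolveAtAuthorize(registered, null));
        System.out.println(matchesAtToken("nuxeo://authorize", "nuxeo://authorize"));
        System.out.println(matchesAtToken("nuxeo://authorize", null));
    }
}
```

      Because `matches()` tests the whole string, a plain-http host that merely begins with "localhost" does not qualify for the localhost exception.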

      Time Tracking

      • Estimated: 0m
      • Remaining: 0m
      • Logged: 2d