[NXP-22183] OAuth2: rework consumer registration - Nuxeo Issue Tracker

XML

Word

Printable

Details

Type: Improvement
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 9.2
Component/s: OAuth

Epic Link:
OAuth2
Tags:
Impact type:

API change
Upgrade notes:
Hide

Added:

OAuth2Client#redirectURIs

OAuth2Client#getRedirectURIs

OAuth2Client#OAuth2Client(String name, String id, String secret, List<String> redirectURIs)

OAuth2Client#isRedirectURIValid(String redirectURI)

OAuth2Client#toString()

Removed OAuth2Client(String name, String id, String secret)

Added the redirectURIs field to the oauth2Client directory schema.
When set through the JSF UI it is a required field and needs to be a comma-separated list of valid redirect URIs.
A valid redirect URI must match this criterion: not be empty AND (start with https OR not start with http (e.g.: nuxeo://authorize) OR match the "http://localhost(:
d+)?(/.*)?" pattern (e.g.: http://localhost:8080/nuxeo))

If the "redirect_uri" parameter is included when calling GET on /oauth2/authorize, it must match one of the redirect URIs defined in the oauth2Client:redirectURIs property of the registered OAuth2 client.
Else the first redirect URI of the registered OAuth2 client is used.

If the "redirect_uri" parameter was included when calling GET on /oauth2/authorize, it needs to be included when calling POST on /oauth2/token and both parameters must match.
Show
Added: OAuth2Client#redirectURIs OAuth2Client#getRedirectURIs OAuth2Client#OAuth2Client(String name, String id, String secret, List<String> redirectURIs) OAuth2Client#isRedirectURIValid(String redirectURI) OAuth2Client#toString() Removed OAuth2Client(String name, String id, String secret) Added the redirectURIs field to the oauth2Client directory schema. When set through the JSF UI it is a required field and needs to be a comma-separated list of valid redirect URIs. A valid redirect URI must match this criterion: not be empty AND (start with https OR not start with http (e.g.: nuxeo://authorize) OR match the "http://localhost(: d+)?(/.*)?" pattern (e.g.: http://localhost:8080/nuxeo )) If the "redirect_uri" parameter is included when calling GET on /oauth2/authorize, it must match one of the redirect URIs defined in the oauth2Client:redirectURIs property of the registered OAuth2 client. Else the first redirect URI of the registered OAuth2 client is used. If the "redirect_uri" parameter was included when calling GET on /oauth2/authorize, it needs to be included when calling POST on /oauth2/token and both parameters must match.
Sprint:
nxfit 9.2.2, nxfit 9.2.3, nxfit 9.2.4, nxfit 9.2.5
Story Points:
3

Description

Allow registering a redirect_ui server-side
Make fields required: Name, Client Id and Redirect URI

Use the server-side redirect_uri in NuxeoOAuth2Filter.

Attachments

Issue Links

is related to

NXP-27300 Allow to relax the mandatory aspect of the "redirect URIs" field when registering an OAuth 2 client

Open

is required by

NXP-22576 Handle a list of redirect URIs + relax constraint on the redirect_uri parameter

Resolved

Activity

People

Assignee:

Antoine Taillefer

Reporter:

Antoine Taillefer

Participants:

Antoine Taillefer, Jenkins

Votes:

0 Vote for this issue

Watchers:

2 Start watching this issue

Dates

Created:

2017-04-18 14:20

Updated:

2019-04-29 13:12

Resolved:

2017-06-11 20:42

Time Tracking

Estimated:

Remaining:

Logged: