Skip to content

Validation of Client Registration Ids #14555

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
rwinch opened this issue Sep 20, 2018 · 1 comment
Closed

Validation of Client Registration Ids #14555

rwinch opened this issue Sep 20, 2018 · 1 comment
Labels
status: superseded An issue that has been superseded by another

Comments

@rwinch
Copy link
Member

rwinch commented Sep 20, 2018
edited
Loading

With the changes in f5deebf#diff-b716836901d5fea39e485e35997f2f62 we should probably validate the client registration ids are not duplicated. For example, with the old configuration this:

spring:
  security:
    oauth2:
      client:
        provider:
          idp:
            issuer-uri: https://example.com
        registration:
          idp:
            client-id: client-id
            client-secret: client-secret
          idp:
            client-id: client-id
            client-secret: client-secret

produced an error:

Caused by: org.yaml.snakeyaml.constructor.DuplicateKeyException: while constructing a mapping
 in 'reader', line 18, column 11:
              idp:
              ^
found duplicate key idp
 in 'reader', line 21, column 11:
              idp:
              ^

	at org.yaml.snakeyaml.constructor.SafeConstructor.processDuplicateKeys(SafeConst

However, the new configuration does not produce an error:

spring:
  security:
    oauth2:
      client:
        provider:
          idp:
            issuer-uri: https://example.com
        registration:
          login:
            idp:
              client-id: client-id
              client-secret: client-secret
            authorizationcode:
              idp:
                client-id: client-id
                client-secret: client-secret

Related: #14554
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Sep 20, 2018
@philwebb philwebb added type: enhancement A general enhancement and removed status: waiting-for-triage An issue we've not yet triaged labels Sep 21, 2018
@philwebb philwebb added this to the 2.1.x milestone Sep 21, 2018
@ayudovin ayudovin mentioned this issue Sep 26, 2018
Closed
@mbhave
Copy link
Contributor

mbhave commented Oct 1, 2018

Closing in favor of #14609.

@mbhave mbhave closed this as completed Oct 1, 2018
@mbhave mbhave added status: superseded An issue that has been superseded by another and removed type: enhancement A general enhancement labels Oct 1, 2018
@mbhave mbhave removed this from the 2.1.x milestone Oct 1, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
status: superseded An issue that has been superseded by another
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@rwinch @philwebb @mbhave @spring-projects-issues