diff --git a/services/src/main/java/org/keycloak/protocol/oidc/OIDCLoginProtocolService.java b/services/src/main/java/org/keycloak/protocol/oidc/OIDCLoginProtocolService.java
index 666586f55f..e0c717088d 100755
--- a/services/src/main/java/org/keycloak/protocol/oidc/OIDCLoginProtocolService.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/OIDCLoginProtocolService.java
@@ -107,7 +107,7 @@ public class OIDCLoginProtocolService {
 public Object auth() {
 AuthorizationEndpoint endpoint = new AuthorizationEndpoint(authManager, realm, event);
 ResteasyProviderFactory.getInstance().injectProperties(endpoint);
- return endpoint.init();
+ return endpoint;
 }

 /**
@@ -117,7 +117,7 @@ public class OIDCLoginProtocolService {
 public Object registerPage() {
 AuthorizationEndpoint endpoint = new AuthorizationEndpoint(authManager, realm, event);
 ResteasyProviderFactory.getInstance().injectProperties(endpoint);
- return endpoint.init().register();
+ return endpoint.register();
 }

 /**
@@ -127,7 +127,7 @@ public class OIDCLoginProtocolService {
 public Object token() {
 TokenEndpoint endpoint = new TokenEndpoint(tokenManager, authManager, realm, event);
 ResteasyProviderFactory.getInstance().injectProperties(endpoint);
- return endpoint.init();
+ return endpoint;
 }

 @Path("login")
@@ -135,7 +135,7 @@ public class OIDCLoginProtocolService {
 public Object loginPage() {
 AuthorizationEndpoint endpoint = new AuthorizationEndpoint(authManager, realm, event);
 ResteasyProviderFactory.getInstance().injectProperties(endpoint);
- return endpoint.legacy(OIDCLoginProtocol.CODE_PARAM).init();
+ return endpoint.legacy(OIDCLoginProtocol.CODE_PARAM);
 }

 @Path("login-status-iframe.html")
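Review bot: After this change nothing in `auth()`, `registerPage()`, `token()` or `loginPage()` (nor in `grantAccessToken()`, `refreshAccessToken()` and `accessCodeToToken()` in the following hunks) validates the request before the endpoint object is returned for dispatch; the SSL, realm, client and redirect-URI checks that `init()` used to run here now execute only when the request is routed to `build()`. That holds as long as `build()` is the sole resource method, but any other resource method on `AuthorizationEndpoint` or `TokenEndpoint` (none is visible in this diff) would run against an unvalidated request. I would record that contract on each of these methods, for example `// Validation happens in endpoint.build(); the endpoint returned here has not been checked yet.` The methods start above each hunk, so their annotations are only partly visible.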
@@ -150,7 +150,7 @@ public class OIDCLoginProtocolService {
 public Object grantAccessToken() {
 TokenEndpoint endpoint = new TokenEndpoint(tokenManager, authManager, realm, event);
 ResteasyProviderFactory.getInstance().injectProperties(endpoint);
- return endpoint.legacy(OAuth2Constants.PASSWORD).init();
+ return endpoint.legacy(OAuth2Constants.PASSWORD);
 }

 @Path("refresh")
@@ -158,7 +158,7 @@ public class OIDCLoginProtocolService {
 public Object refreshAccessToken() {
 TokenEndpoint endpoint = new TokenEndpoint(tokenManager, authManager, realm, event);
 ResteasyProviderFactory.getInstance().injectProperties(endpoint);
- return endpoint.legacy(OAuth2Constants.REFRESH_TOKEN).init();
+ return endpoint.legacy(OAuth2Constants.REFRESH_TOKEN);
 }

 @Path("access/codes")
@@ -166,7 +166,7 @@ public class OIDCLoginProtocolService {
 public Object accessCodeToToken() {
 TokenEndpoint endpoint = new TokenEndpoint(tokenManager, authManager, realm, event);
 ResteasyProviderFactory.getInstance().injectProperties(endpoint);
- return endpoint.legacy(OAuth2Constants.AUTHORIZATION_CODE).init();
+ return endpoint.legacy(OAuth2Constants.AUTHORIZATION_CODE);
 }

 @Path("validate")
diff --git a/services/src/main/java/org/keycloak/protocol/oidc/endpoints/AuthorizationEndpoint.java b/services/src/main/java/org/keycloak/protocol/oidc/endpoints/AuthorizationEndpoint.java
index 8306b7a520..93bf67bb6c 100755
--- a/services/src/main/java/org/keycloak/protocol/oidc/endpoints/AuthorizationEndpoint.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/endpoints/AuthorizationEndpoint.java
@@ -91,6 +91,25 @@ public class AuthorizationEndpoint { @GET public Response build() { + MultivaluedMap params = uriInfo.getQueryParameters(); + + clientId = params.getFirst(OIDCLoginProtocol.CLIENT_ID_PARAM); + responseType = params.getFirst(OIDCLoginProtocol.RESPONSE_TYPE_PARAM); + redirectUriParam = params.getFirst(OIDCLoginProtocol.REDIRECT_URI_PARAM); + state = params.getFirst(OIDCLoginProtocol.STATE_PARAM); + scope = params.getFirst(OIDCLoginProtocol.SCOPE_PARAM); + loginHint = params.getFirst(OIDCLoginProtocol.LOGIN_HINT_PARAM); + prompt = params.getFirst(OIDCLoginProtocol.PROMPT_PARAM); + idpHint = params.getFirst(AdapterConstants.KC_IDP_HINT); + + checkSsl(); + checkRealm(); + checkClient(); + checkResponseType(); + checkRedirectUri(); + + createClientSession(); + switch (action) { case REGISTER: return buildRegister(); @@ -121,29 +140,6 @@ public class AuthorizationEndpoint { return this; } - public AuthorizationEndpoint init() { - MultivaluedMap params = uriInfo.getQueryParameters(); - - clientId = params.getFirst(OIDCLoginProtocol.CLIENT_ID_PARAM); - responseType = params.getFirst(OIDCLoginProtocol.RESPONSE_TYPE_PARAM); - redirectUriParam = params.getFirst(OIDCLoginProtocol.REDIRECT_URI_PARAM); - state = params.getFirst(OIDCLoginProtocol.STATE_PARAM); - scope = params.getFirst(OIDCLoginProtocol.SCOPE_PARAM); - loginHint = params.getFirst(OIDCLoginProtocol.LOGIN_HINT_PARAM); - prompt = params.getFirst(OIDCLoginProtocol.PROMPT_PARAM); - idpHint = params.getFirst(AdapterConstants.KC_IDP_HINT); - - checkSsl(); - checkRealm(); - checkClient(); - checkResponseType(); - checkRedirectUri(); - - createClientSession(); - - return this; - } - private void checkSsl() { if (!uriInfo.getBaseUri().getScheme().equals("https") && realm.getSslRequired().isRequired(clientConnection)) { event.error(Errors.SSL_REQUIRED); 
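Review bot: The call sequence added at the top of `build()` is order-sensitive and nothing in the method says so: `checkClient()` and `checkRedirectUri()` have to finish before `createClientSession()` and before the `switch (action)` dispatch, otherwise a later reordering could create a session for an unknown client or an unvalidated redirect URI. A short comment above the checks would protect that, for example `// Keep this order: client and redirect_uri are validated before a session is created or any action runs.` It would also be worth noting there that `state`, `loginHint`, `prompt` and `idpHint` are copied from the query string as-is and need encoding wherever they are echoed later; how they are used lies outside this hunk. The same ordering comment applies to the checks added to `TokenEndpoint.build()` in the later hunk, and both method bodies continue past their hunks.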
@@ -172,7 +168,7 @@ public class AuthorizationEndpoint { throw new ErrorPageException(session, Messages.CLIENT_NOT_FOUND ); } - if ((client instanceof ClientModel) && ((ClientModel) client).isBearerOnly()) { + if (client.isBearerOnly()) { event.error(Errors.NOT_ALLOWED); throw new ErrorPageException(session, Messages.BEARER_ONLY ); } @@ -198,7 +194,9 @@ public class AuthorizationEndpoint { event.detail(Details.RESPONSE_TYPE, responseType); if (responseType.equals(OAuth2Constants.CODE)) { - action = Action.CODE; + if (action == null) { + action = Action.CODE; + } } else { event.error(Errors.INVALID_REQUEST); throw new ErrorPageException(session, Messages.INVALID_PARAMETER, OIDCLoginProtocol.RESPONSE_TYPE_PARAM ); diff --git a/services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenEndpoint.java b/services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenEndpoint.java index 43538eea6d..ffbc6a78e6 100755 --- a/services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenEndpoint.java +++ b/services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenEndpoint.java @@ -87,6 +87,14 @@ public class TokenEndpoint { @POST public Response build() { + formParams = request.getDecodedFormParameters(); + grantType = formParams.getFirst(OIDCLoginProtocol.GRANT_TYPE_PARAM); + + checkSsl(); + checkRealm(); + checkGrantType(); + checkClient(); + switch (action) { case AUTHORIZATION_CODE: return buildAuthorizationCodeAccessTokenResponse(); 
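Review bot: The new `if (action == null)` guard in the response-type check is the only thing that keeps an action chosen earlier from being overwritten, and the reason is not written down. As far as the diff shows, `registerPage()` now calls `endpoint.register()` before the checks run instead of after `init()`, so without the guard a registration request would presumably be reset to `Action.CODE`. I would add `// register()/legacy() may already have selected the action; only default to CODE.` above the guard. A pre-set action still has to pass the `response_type` comparison, which looks intended. The enclosing method starts above the hunk, so any null handling for `responseType` is not visible here.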
@@ -116,18 +124,6 @@ public class TokenEndpoint {
 return this;
 }

- public TokenEndpoint init() {
- formParams = request.getDecodedFormParameters();
- grantType = formParams.getFirst(OIDCLoginProtocol.GRANT_TYPE_PARAM);
-
- checkSsl();
- checkRealm();
- checkGrantType();
- checkClient();
-
- return this;
- }
-
 private void checkSsl() {
 if (!uriInfo.getBaseUri().getScheme().equals("https") && realm.getSslRequired().isRequired(clientConnection)) {
 throw new ErrorResponseException("invalid_request", "HTTPS required", Response.Status.FORBIDDEN);