Skip to content

Check client secret not expired in ClientSecretAuthenticationProvider #850

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
doctormacky opened this issue Aug 10, 2022 · 4 comments
Closed

Check client secret not expired in ClientSecretAuthenticationProvider #850

doctormacky opened this issue Aug 10, 2022 · 4 comments
Assignees
@doctormacky
Labels
type: enhancement A general enhancement
Milestone
0.4.0-M2

Comments

@doctormacky
Copy link

Describe the bug
When check the client id and secret which load from database, the jwt code are always be generated even the client id is expred.

To Reproduce
set a expiration date for client id and secret, then try to call /oauth2/token with the predefined client id and secret.

Expected behavior
return exception like 'the client id is expired'

Sample

A link to a GitHub repository with a minimal, reproducible sample.

Reports that include a sample will take priority over reports that do not.
At times, we may require a sample, so it is good to try and include a sample up front.

I know we can customize the ClientSecretAuthenticationProvider by ourselves, but as a build-in/default one, We should check this attribute (expirate date) by default.
@doctormacky doctormacky added the type: bug A general bug label Aug 10, 2022
@jgrandja jgrandja changed the title Need to check if the client id are expired or not in authenticate method of ClientSecretAuthenticationProvider Check client secret not expired in ClientSecretAuthenticationProvider Aug 17, 2022
@jgrandja
Copy link
Collaborator

Thanks for the request @doctormacky. This would be a good enhancement. Are you interested in submitting a PR?

@jgrandja jgrandja added type: enhancement A general enhancement and removed type: bug A general bug labels Aug 17, 2022
@doctormacky
Copy link
Author

@jgrandja I am glad to help on that, which branch should I work on? I noted that this project is a crazy one and moving very fast.

@jgrandja
Copy link
Collaborator

@doctormacky Please base the PR on 0.4.x. Thank you!

@doctormacky doctormacky mentioned this issue Aug 18, 2022
Closed
@doctormacky
Copy link
Author

@jgrandja I already submit a PR, please review it. thanks.

@jgrandja jgrandja added this to the 0.4.0-M2 milestone Aug 30, 2022
jgrandja pushed a commit that referenced this issue Aug 30, 2022
@liuyunsh @jgrandja
Validate client secret not expired
07d69cb 
Closes gh-850
doba16 pushed a commit to doba16/spring-authorization-server that referenced this issue Apr 21, 2023
@liuyunsh @jgrandja
Validate client secret not expired
b4a6ba8 
Closes spring-projectsgh-850
@jgrandja jgrandja mentioned this issue Feb 5, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@doctormacky doctormacky

Labels
type: enhancement A general enhancement
Projects
None yet
Milestone
0.4.0-M2
Development

No branches or pull requests
2 participants
@doctormacky @jgrandja