thomasmey
diff --git a/‎openid-connect-common/src/main/java/org/mitre/oauth2/model/RegisteredClientFields.java‎
Lines changed: 2 additions & 1 deletion b/‎openid-connect-common/src/main/java/org/mitre/oauth2/model/RegisteredClientFields.java‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎openid-connect-common/src/main/java/org/mitre/openid/connect/ClientDetailsEntityJsonProcessor.java‎
Lines changed: 37 additions & 31 deletions b/‎openid-connect-common/src/main/java/org/mitre/openid/connect/ClientDetailsEntityJsonProcessor.java‎
Lines changed: 37 additions & 31 deletions
diff --git a/‎openid-connect-common/src/main/java/org/mitre/util/JsonUtils.java‎
Lines changed: 16 additions & 0 deletions b/‎openid-connect-common/src/main/java/org/mitre/util/JsonUtils.java‎
Lines changed: 16 additions & 0 deletions
diff --git a/‎openid-connect-server-webapp/src/main/webapp/resources/js/client.js‎
Lines changed: 4 additions & 8 deletions b/‎openid-connect-server-webapp/src/main/webapp/resources/js/client.js‎
Lines changed: 4 additions & 8 deletions
diff --git a/‎openid-connect-server-webapp/src/main/webapp/resources/js/dynreg.js‎
Lines changed: 4 additions & 1 deletion b/‎openid-connect-server-webapp/src/main/webapp/resources/js/dynreg.js‎
Lines changed: 4 additions & 1 deletion
diff --git a/‎openid-connect-server-webapp/src/main/webapp/resources/template/client.html‎
Lines changed: 11 additions & 0 deletions b/‎openid-connect-server-webapp/src/main/webapp/resources/template/client.html‎
Lines changed: 11 additions & 0 deletions
diff --git a/‎openid-connect-server-webapp/src/main/webapp/resources/template/dynreg.html‎
Lines changed: 11 additions & 0 deletions b/‎openid-connect-server-webapp/src/main/webapp/resources/template/dynreg.html‎
Lines changed: 11 additions & 0 deletions
diff --git a/‎openid-connect-server/src/main/java/org/mitre/openid/connect/view/AbstractClientEntityView.java‎
Lines changed: 14 additions & 0 deletions b/‎openid-connect-server/src/main/java/org/mitre/openid/connect/view/AbstractClientEntityView.java‎
Lines changed: 14 additions & 0 deletions
diff --git a/‎openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java‎
Lines changed: 10 additions & 3 deletions b/‎openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java‎
Lines changed: 10 additions & 3 deletions
@@ -56,5 +56,6 @@ public interface RegisteredClientFields {
 public String REDIRECT_URIS = "redirect_uris";
 public String CLIENT_SECRET = "client_secret";
 public String CLIENT_ID = "client_id";
-
+public String CODE_CHALLENGE_METHOD = "code_challenge_method";
+
 }
@@ -20,6 +20,36 @@
 package org.mitre.openid.connect;
 
 
+import static org.mitre.util.JsonUtils.getAsArray;
+import static org.mitre.util.JsonUtils.getAsDate;
+import static org.mitre.util.JsonUtils.getAsJweAlgorithm;
+import static org.mitre.util.JsonUtils.getAsJweEncryptionMethod;
+import static org.mitre.util.JsonUtils.getAsJwsAlgorithm;
+import static org.mitre.util.JsonUtils.getAsPkceAlgorithm;
+import static org.mitre.util.JsonUtils.getAsString;
+import static org.mitre.util.JsonUtils.getAsStringSet;
+
+import java.text.ParseException;
+
+import org.mitre.oauth2.model.ClientDetailsEntity;
+import org.mitre.oauth2.model.ClientDetailsEntity.AppType;
+import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod;
+import org.mitre.oauth2.model.ClientDetailsEntity.SubjectType;
+import org.mitre.oauth2.model.RegisteredClient;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.google.common.base.Joiner;
+import com.google.common.base.Splitter;
+import com.google.common.base.Strings;
+import com.google.common.collect.Sets;
+import com.google.gson.JsonElement;
+import com.google.gson.JsonObject;
+import com.google.gson.JsonParser;
+import com.nimbusds.jose.jwk.JWKSet;
+import com.nimbusds.jwt.JWT;
+import com.nimbusds.jwt.JWTParser;
+
 import static org.mitre.oauth2.model.RegisteredClientFields.APPLICATION_TYPE;
 import static org.mitre.oauth2.model.RegisteredClientFields.CLAIMS_REDIRECT_URIS;
 import static org.mitre.oauth2.model.RegisteredClientFields.CLIENT_ID;
@@ -28,6 +58,7 @@
 import static org.mitre.oauth2.model.RegisteredClientFields.CLIENT_SECRET;
 import static org.mitre.oauth2.model.RegisteredClientFields.CLIENT_SECRET_EXPIRES_AT;
 import static org.mitre.oauth2.model.RegisteredClientFields.CLIENT_URI;
+import static org.mitre.oauth2.model.RegisteredClientFields.CODE_CHALLENGE_METHOD;
 import static org.mitre.oauth2.model.RegisteredClientFields.CONTACTS;
 import static org.mitre.oauth2.model.RegisteredClientFields.DEFAULT_ACR_VALUES;
 import static org.mitre.oauth2.model.RegisteredClientFields.DEFAULT_MAX_AGE;
@@ -59,37 +90,6 @@
 import static org.mitre.oauth2.model.RegisteredClientFields.USERINFO_ENCRYPTED_RESPONSE_ALG;
 import static org.mitre.oauth2.model.RegisteredClientFields.USERINFO_ENCRYPTED_RESPONSE_ENC;
 import static org.mitre.oauth2.model.RegisteredClientFields.USERINFO_SIGNED_RESPONSE_ALG;
-import static org.mitre.util.JsonUtils.getAsArray;
-import static org.mitre.util.JsonUtils.getAsDate;
-import static org.mitre.util.JsonUtils.getAsJweAlgorithm;
-import static org.mitre.util.JsonUtils.getAsJweEncryptionMethod;
-import static org.mitre.util.JsonUtils.getAsJwsAlgorithm;
-import static org.mitre.util.JsonUtils.getAsString;
-import static org.mitre.util.JsonUtils.getAsStringSet;
-
-import java.text.ParseException;
-
-import org.mitre.jwt.assertion.AssertionValidator;
-import org.mitre.oauth2.model.ClientDetailsEntity;
-import org.mitre.oauth2.model.ClientDetailsEntity.AppType;
-import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod;
-import org.mitre.oauth2.model.ClientDetailsEntity.SubjectType;
-import org.mitre.oauth2.model.RegisteredClient;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Qualifier;
-
-import com.google.common.base.Joiner;
-import com.google.common.base.Splitter;
-import com.google.common.base.Strings;
-import com.google.common.collect.Sets;
-import com.google.gson.JsonElement;
-import com.google.gson.JsonObject;
-import com.google.gson.JsonParser;
-import com.nimbusds.jose.jwk.JWKSet;
-import com.nimbusds.jwt.JWT;
-import com.nimbusds.jwt.JWTParser;
 
 /**
  * Utility class to handle the parsing and serialization of ClientDetails objects.
@@ -204,6 +204,9 @@ public static ClientDetailsEntity parse(JsonElement jsonEl) {
 
 c.setClaimsRedirectUris(getAsStringSet(o, CLAIMS_REDIRECT_URIS));
 
+c.setCodeChallengeMethod(getAsPkceAlgorithm(o, CODE_CHALLENGE_METHOD));
+
+// note that this does not process or validate the software statement, that's handled in other components
 String softwareStatement = getAsString(o, SOFTWARE_STATEMENT);
 if (!Strings.isNullOrEmpty(softwareStatement)) {
 try {
@@ -216,6 +219,7 @@ public static ClientDetailsEntity parse(JsonElement jsonEl) {
 }
 
 
+
 return c;
 } else {
 return null;
@@ -339,6 +343,8 @@ public static JsonObject serialize(RegisteredClient c) {
 
 o.add(CLAIMS_REDIRECT_URIS, getAsArray(c.getClaimsRedirectUris()));
 
+o.addProperty(CODE_CHALLENGE_METHOD, c.getCodeChallengeMethod() != null ? c.getCodeChallengeMethod().getName() : null);
+
 if (c.getSoftwareStatement() != null) {
 o.addProperty(SOFTWARE_STATEMENT, c.getSoftwareStatement().serialize());
 }
 
@@ -28,6 +28,7 @@
 import java.util.Map;
 import java.util.Set;
 
+import org.mitre.oauth2.model.PKCEAlgorithm;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -138,6 +139,21 @@ public static JWSAlgorithm getAsJwsAlgorithm(JsonObject o, String member) {
 }
 }
 
+/**
+ * Gets the value of the given member as a PKCE Algorithm, null if it doesn't exist
+ * @param o
+ * @param member
+ * @return
+ */
+public static PKCEAlgorithm getAsPkceAlgorithm(JsonObject o, String member) {
+String s = getAsString(o, member);
+if (s != null) {
+return PKCEAlgorithm.parse(s);
+} else {
+return null;
+}
+}
+
 /**
  * Gets the value of the given member as a string, null if it doesn't exist
  */
 
@@ -77,6 +77,8 @@ var ClientModel = Backbone.Model.extend({
 
  requestUris:[],
 
+ codeChallengeMethod:null,
+ 
  authorities:[],
  accessTokenValiditySeconds: null,
  refreshTokenValiditySeconds: null,
@@ -957,7 +959,8 @@ var ClientFormView = Backbone.View.extend({
  idTokenSignedResponseAlg: this.defaultToNull($('#idTokenSignedResponseAlg select').val()),
  idTokenEncryptedResponseAlg: this.defaultToNull($('#idTokenEncryptedResponseAlg select').val()),
  idTokenEncryptedResponseEnc: this.defaultToNull($('#idTokenEncryptedResponseEnc select').val()),
- tokenEndpointAuthSigningAlg: this.defaultToNull($('#tokenEndpointAuthSigningAlg select').val())
+ tokenEndpointAuthSigningAlg: this.defaultToNull($('#tokenEndpointAuthSigningAlg select').val()),
+ codeChallengeMethod: this.defaultToNull($('#codeChallengeMethod select').val())
  };
 
  // post-validate
@@ -1165,13 +1168,6 @@ var ClientFormView = Backbone.View.extend({
 });
 
 
-// add routes to the app
-/*
-"admin/clients":"listClients",
-"admin/client/new":"newClient",
-"admin/client/:id":"editClient",
-*/
-
 ui.routes.push({path: "admin/clients", name: "listClients", callback: 
  function () {
 
 
@@ -61,6 +61,8 @@ var DynRegClient = Backbone.Model.extend({
 
  request_uris:[],
 
+ code_challenge_method:null,
+
  registration_access_token:null,
  registration_client_uri:null
  },
@@ -435,7 +437,8 @@ var DynRegEditView = Backbone.View.extend({
  id_token_signed_response_alg: this.defaultToNull($('#idTokenSignedResponseAlg select').val()),
  id_token_encrypted_response_alg: this.defaultToNull($('#idTokenEncryptedResponseAlg select').val()),
  id_token_encrypted_response_enc: this.defaultToNull($('#idTokenEncryptedResponseEnc select').val()),
- token_endpoint_auth_signing_alg: this.defaultToNull($('#tokenEndpointAuthSigningAlg select').val())
+ token_endpoint_auth_signing_alg: this.defaultToNull($('#tokenEndpointAuthSigningAlg select').val()),
+ code_challenge_method: this.defaultToNull($('#codeChallengeMethod select').val())
  };
 
  // set all empty strings to nulls
 
@@ -744,6 +744,17 @@ <h1 data-i18n="client.client-form.edit"></h1>
 </div>
 </div>
 
+ <div class="control-group" id="codeChallengeMethod">
+ <label class="control-label" data-i18n="client.client-form.code-challenge-method">Proof Key for Code Exchange (PKCE) Code Challenge Method</label>
+ <div class="controls">
+<select>
+<option value="default" <%-client.codeChallengeMethod == null ? 'selected ' : ''%> data-i18n="client.client-form.code-challenge-none">No code challenge</option>
+<option value="plain" <%-client.codeChallengeMethod == "plain" ? 'selected' : ''%> data-i18n="client.client-form.code-challenge-plain">Plain code challenge</option>
+<option value="S256" <%-client.codeChallengeMethod == "S256" ? 'selected' : ''%> data-i18n="client.client-form.code-challenge-s256">SHA-256 hash algorithm</option>
+</select>
+ </div>
+ </div>
+
 </div>
 
 <div class="tab-pane" id="client-other-tab">
 
@@ -512,6 +512,17 @@ <h1 data-i18n="client.client-form.edit"></h1>
  </select>
  </div>
 </div>
+
+ <div class="control-group" id="codeChallengeMethod">
+ <label class="control-label" data-i18n="client.client-form.code-challenge-method">Proof Key for Code Exchange (PKCE) Code Challenge Method</label>
+ <div class="controls">
+<select>
+<option value="default" <%-client.code_challenge_method == null ? 'selected ' : ''%> data-i18n="client.client-form.code-challenge-none">No code challenge</option>
+<option value="plain" <%-client.code_challenge_method == "plain" ? 'selected' : ''%> data-i18n="client.client-form.code-challenge-plain">Plain code challenge</option>
+<option value="S256" <%-client.code_challenge_method == "S256" ? 'selected' : ''%> data-i18n="client.client-form.code-challenge-s256">SHA-256 hash algorithm</option>
+</select>
+ </div>
+ </div>
 </div>
 
 <div class="tab-pane" id="client-other-tab">
 
@@ -27,6 +27,7 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.mitre.oauth2.model.PKCEAlgorithm;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.http.HttpStatus;
@@ -36,11 +37,15 @@
 import com.google.gson.ExclusionStrategy;
 import com.google.gson.Gson;
 import com.google.gson.GsonBuilder;
+import com.google.gson.JsonDeserializationContext;
+import com.google.gson.JsonDeserializer;
 import com.google.gson.JsonElement;
+import com.google.gson.JsonParseException;
 import com.google.gson.JsonParser;
 import com.google.gson.JsonPrimitive;
 import com.google.gson.JsonSerializationContext;
 import com.google.gson.JsonSerializer;
+import com.nimbusds.jose.Algorithm;
 import com.nimbusds.jose.EncryptionMethod;
 import com.nimbusds.jose.JWEAlgorithm;
 import com.nimbusds.jose.JWSAlgorithm;
@@ -118,6 +123,15 @@ public JsonElement serialize(JWT src, Type typeOfSrc, JsonSerializationContext c
 }
 
 })
+.registerTypeAdapter(PKCEAlgorithm.class, new JsonSerializer<PKCEAlgorithm>() {
+public JsonPrimitive serialize(PKCEAlgorithm src, Type typeOfSrc, JsonSerializationContext context) {
+if (src != null) {
+return new JsonPrimitive(src.getName());
+} else {
+return null;
+}
+}
+})
 .serializeNulls()
 .setDateFormat("yyyy-MM-dd'T'HH:mm:ssZ")
 .create();
 
@@ -29,6 +29,7 @@
 import org.mitre.oauth2.model.ClientDetailsEntity.AppType;
 import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod;
 import org.mitre.oauth2.model.ClientDetailsEntity.SubjectType;
+import org.mitre.oauth2.model.PKCEAlgorithm;
 import org.mitre.oauth2.service.ClientDetailsEntityService;
 import org.mitre.oauth2.web.AuthenticationUtilities;
 import org.mitre.openid.connect.exception.ValidationException;
@@ -68,9 +69,6 @@
 import com.google.gson.JsonObject;
 import com.google.gson.JsonParseException;
 import com.google.gson.JsonParser;
-import com.google.gson.JsonPrimitive;
-import com.google.gson.JsonSerializationContext;
-import com.google.gson.JsonSerializer;
 import com.google.gson.JsonSyntaxException;
 import com.nimbusds.jose.Algorithm;
 import com.nimbusds.jose.EncryptionMethod;
@@ -203,6 +201,15 @@ public JWT deserialize(JsonElement json, Type typeOfT, JsonDeserializationContex
 }
 }
 })
+.registerTypeAdapter(PKCEAlgorithm.class, new JsonDeserializer<Algorithm>() {
+public PKCEAlgorithm deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException {
+if (json.isJsonPrimitive()) {
+return PKCEAlgorithm.parse(json.getAsString());
+} else {
+return null;
+}
+}
+})
 .setDateFormat("yyyy-MM-dd'T'HH:mm:ssZ")
 .create();
Original file line number	Diff line number	Diff line change
`@@ -56,5 +56,6 @@ public interface RegisteredClientFields {`
`56`	`56`	`public String REDIRECT_URIS = "redirect_uris";`
`57`	`57`	`public String CLIENT_SECRET = "client_secret";`
`58`	`58`	`public String CLIENT_ID = "client_id";`
`59`		`-`
	`59`	`+public String CODE_CHALLENGE_METHOD = "code_challenge_method";`
	`60`	`+`
`60`	`61`	`}`