From 520fe25ba491e0781f8b9952409eba99a231f26e Mon Sep 17 00:00:00 2001
From: Joe Grandja <10884212+jgrandja@users.noreply.github.com>
Date: Tue, 25 Jun 2024 05:56:30 -0400
Subject: [PATCH] Fix to allow multiple public client registrations

Closes gh-1641
---
 .../JdbcRegisteredClientRepository.java | 14 ++++++++------
 .../JdbcRegisteredClientRepositoryTests.java | 19 ++++++++++++++++++-
 2 files changed, 26 insertions(+), 7 deletions(-)

diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/client/JdbcRegisteredClientRepository.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/client/JdbcRegisteredClientRepository.java
index 4fe3a52fb..7886d1b6c 100644
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/client/JdbcRegisteredClientRepository.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/client/JdbcRegisteredClientRepository.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2023 the original author or authors.
+ * Copyright 2020-2024 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -174,11 +174,13 @@ private void assertUniqueIdentifiers(RegisteredClient registeredClient) {
 throw new IllegalArgumentException("Registered client must be unique. "
 + "Found duplicate client identifier: " + registeredClient.getClientId());
 }
- count = this.jdbcOperations.queryForObject(COUNT_REGISTERED_CLIENT_SQL + "client_secret = ?", Integer.class,
- registeredClient.getClientSecret());
- if (count != null && count > 0) {
- throw new IllegalArgumentException("Registered client must be unique. "
- + "Found duplicate client secret for identifier: " + registeredClient.getId());
+ if (StringUtils.hasText(registeredClient.getClientSecret())) {
+ count = this.jdbcOperations.queryForObject(COUNT_REGISTERED_CLIENT_SQL + "client_secret = ?", Integer.class,
+ registeredClient.getClientSecret());
+ if (count != null && count > 0) {
+ throw new IllegalArgumentException("Registered client must be unique. "
+ + "Found duplicate client secret for identifier: " + registeredClient.getId());
+ }
 }
 }
 
diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/client/JdbcRegisteredClientRepositoryTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/client/JdbcRegisteredClientRepositoryTests.java
index e5d8c7956..9ec94c4f5 100644
--- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/client/JdbcRegisteredClientRepositoryTests.java
+++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/client/JdbcRegisteredClientRepositoryTests.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2023 the original author or authors.
+ * Copyright 2020-2024 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
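Review bot: The new guard in `assertUniqueIdentifiers` (JdbcRegisteredClientRepository.java) uses `StringUtils.hasText`, which skips the duplicate-secret check for whitespace-only secrets as well as for null and empty ones, and nothing on the new lines says which of these is intended. If only an absent secret should be exempt, `StringUtils.hasLength(registeredClient.getClientSecret())` is the narrower test; either way a comment such as `// Public clients carry no secret, so client_secret uniqueness is enforced only when one is set` would record why the check is conditional. The check remains a count query issued before the write, so two concurrent saves with the same identifier or secret could presumably both pass it unless the table also enforces uniqueness; the write itself and the start of the method are outside the hunk.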
@@ -168,6 +168,23 @@ public void saveWhenClientSecretNullThenSaved() {
 assertThat(registeredClient).isEqualTo(expectedRegisteredClient);
 }
 
+ // gh-1641
+ @Test
+ public void saveWhenMultipleWithClientSecretEmptyThenSaved() {
+ RegisteredClient registeredClient1 = TestRegisteredClients.registeredClient()
+ .id("registration-1")
+ .clientId("client-1")
+ .clientSecret("")
+ .build();
+ this.registeredClientRepository.save(registeredClient1);
+ RegisteredClient registeredClient2 = TestRegisteredClients.registeredClient()
+ .id("registration-2")
+ .clientId("client-2")
+ .clientSecret("")
+ .build();
+ this.registeredClientRepository.save(registeredClient2);
+ }
+
 @Test
 public void saveWhenExistingClientIdThenThrowIllegalArgumentException() {
 RegisteredClient registeredClient1 = TestRegisteredClients.registeredClient()
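Review bot: `saveWhenMultipleWithClientSecretEmptyThenSaved` asserts nothing; it passes as long as neither `save` call throws, so it would not notice a second client that was accepted but not persisted. Reading both registrations back, for example `assertThat(this.registeredClientRepository.findByClientId("client-2")).isNotNull();` and the same for `client-1`, would pin the stored state. Because the production change makes the secret check conditional, a companion test that two clients sharing the same non-empty secret are still rejected would guard the path that must keep failing, if one does not already exist outside this hunk. The trailing context ends inside `saveWhenExistingClientIdThenThrowIllegalArgumentException`, whose body continues outside the hunk.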