Commit e7d327a8 authored by Matija Obreza's avatar Matija Obreza
Browse files

OAuth: Generate client_id in lowercase

- Some software thinks it's an email address (because it includes @) and "formats" the client_id
- Using invalid letter case results in fairly cryptic "Given client ID does not match authenticated client" error
parent 12bf71a3
...@@ -146,7 +146,7 @@ public class OAuthServiceImpl implements OAuthClientDetailsService { ...@@ -146,7 +146,7 @@ public class OAuthServiceImpl implements OAuthClientDetailsService {
@Override @Override
@Transactional @Transactional
public OAuthClient addClient(OAuthClient client) { public OAuthClient addClient(OAuthClient client) {
final String clientId = RandomStringUtils.randomAlphanumeric(5) + "." + RandomStringUtils.randomAlphanumeric(20) + "@" + hostname; final String clientId = RandomStringUtils.randomAlphanumeric(5).toLowerCase() + "." + RandomStringUtils.randomAlphanumeric(20).toLowerCase() + "@" + hostname;
final String clientSecret = RandomStringUtils.randomAlphanumeric(32); final String clientSecret = RandomStringUtils.randomAlphanumeric(32);
final OAuthClient newClient = new OAuthClient(); final OAuthClient newClient = new OAuthClient();
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment