Implement support for user consent #4

Manually merged
ansv7779 merged 13 commits from user-consent into main 2025-04-25 10:22:44 +02:00

13 Commits

Author SHA1 Message Date
c48eee489b
Allow everyone to register clients
All checks were successful
/ build (push) Successful in 2m16s
2025-04-24 16:35:03 +02:00
29924e6d42
Show exactly what personal information is being asked for during consent 2025-04-24 16:30:59 +02:00
31cd05b12e
Handle denying consent 2025-04-24 16:17:45 +02:00
e79387bc2e
Persist granted user consent
All checks were successful
/ build (push) Successful in 2m12s
2025-04-23 23:47:27 +02:00
2ebf8c649d
Handle consent token coming back during custom authorization flow
All checks were successful
/ build (push) Successful in 2m17s
2025-04-23 17:12:16 +02:00
f1fbd306e2
Skip consent for developers in staging
With the custom authorization in place, the current user is always the developer while the authorization request token may contain a custom principal. When Spring Authorization Server attempts to validate the submitted consent, it checks that the current user is the same as the authorization request token - which it is not. The easiest solution is to disable consent in staging for developers.
2025-04-23 17:10:13 +02:00
119e27f5da
Do not ask for consent for "openid" scope
The scope itself does nothing; without any of the additional OIDC scopes such as "profile" or "email", the ID token is completely empty. Therefore, it is unnecessary to ask for consent for it and it would just complicate matters. What would happen if a user consented to the "profile" scope but not the "openid" scope?
2025-04-23 12:50:50 +02:00
efcfddaa70
Expand on what each scope means during user consent 2025-04-23 12:27:01 +02:00
e826ce523d
Add proper tests for the consent page
All checks were successful
/ build (push) Successful in 1m50s
2025-04-22 15:29:35 +02:00
0c55c25abf
Add consent page (GUI)
All checks were successful
/ build (push) Successful in 2m6s
2025-04-22 00:36:48 +02:00
c8f28d8283
Add consent page 2025-04-22 00:36:48 +02:00
1b08cdaf44
Test for authorization code flow with consent 2025-04-22 00:36:48 +02:00
ea5c3a1c00
Support for configuring end user consent requirement for clients
Developers can decide if consent is required and for everyone else it is *always* required.
2025-04-22 00:36:48 +02:00