public or confidential client application

src/main/kotlin/com/vauthenticator/server/oauth2/clientapp/ClientApplicationConfig.kt

@@ -1,8 +1,6 @@
 package com.vauthenticator.server.oauth2.clientapp
 
 import com.fasterxml.jackson.databind.ObjectMapper
-import com.vauthenticator.server.account.adapter.jdbc.JdbcAccountRepository
-import com.vauthenticator.server.account.domain.AccountRepository
 import com.vauthenticator.server.cache.CacheOperation
 import com.vauthenticator.server.cache.RedisCacheOperation
 import com.vauthenticator.server.oauth2.clientapp.adapter.cache.CachedClientApplicationRepository
@@ -19,8 +17,7 @@ import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
 import org.springframework.context.annotation.Profile
 import org.springframework.data.redis.core.RedisTemplate
-import org.springframework.jdbc.core.JdbcTemplate
-import org.springframework.security.crypto.password.PasswordEncoder
+import org.springframework.jdbc.core.namedparam.NamedParameterJdbcTemplate
 import software.amazon.awssdk.services.dynamodb.DynamoDbClient
 import java.time.Duration
 
@@ -30,8 +27,8 @@ class ClientApplicationConfig {
 
     @Bean("clientApplicationRepository")
     @Profile("database")
-    fun jdbcClientApplicationRepository(jdbcTemplate: JdbcTemplate, objectMapper: ObjectMapper) : ClientApplicationRepository =
-        JdbcClientApplicationRepository(jdbcTemplate, objectMapper)
+    fun jdbcClientApplicationRepository(namedParameterJdbcTemplate: NamedParameterJdbcTemplate, objectMapper: ObjectMapper) : ClientApplicationRepository =
+        JdbcClientApplicationRepository(namedParameterJdbcTemplate, objectMapper)
 
     @Bean("clientApplicationRepository")
     @ConditionalOnProperty(

src/main/kotlin/com/vauthenticator/server/oauth2/clientapp/adapter/dynamodb/DynamoClientApplicationConverter.kt

@@ -13,6 +13,7 @@ object DynamoClientApplicationConverter {
         val dynamoDocument = mutableMapOf(
             "client_id" to clientApp.clientAppId.content.asDynamoAttribute(),
             "client_secret" to clientApp.secret.content.asDynamoAttribute(),
+            "confidential" to clientApp.confidential.asDynamoAttribute(),
             "with_pkce" to clientApp.withPkce.content.asDynamoAttribute(),
             "scopes" to clientApp.scopes.asDynamoAttribute(),
             "authorized_grant_types" to clientApp.authorizedGrantTypes.asDynamoAttribute(),
@@ -32,6 +33,7 @@ object DynamoClientApplicationConverter {
         return ClientApplication(
             clientAppId = ClientAppId(dynamoPayload.valueAsStringFor("client_id")),
             secret = Secret(dynamoPayload.valueAsStringFor("client_secret")),
+            confidential = dynamoPayload.valueAsBoolFor("confidential"),
             withPkce = WithPkce(dynamoPayload.valueAsBoolFor("with_pkce")),
             scopes = Scopes(dynamoPayload.valuesAsListOfStringFor("scopes").map { Scope(it) }.toSet()),
             authorizedGrantTypes = AuthorizedGrantTypes(

src/main/kotlin/com/vauthenticator/server/oauth2/clientapp/adapter/jdbc/JdbcClientApplicationRepository.kt

@@ -2,13 +2,14 @@ package com.vauthenticator.server.oauth2.clientapp.adapter.jdbc
 
 import com.fasterxml.jackson.databind.ObjectMapper
 import com.vauthenticator.server.oauth2.clientapp.domain.*
-import org.springframework.jdbc.core.JdbcTemplate
+import org.springframework.jdbc.core.namedparam.NamedParameterJdbcTemplate
 import java.sql.ResultSet
 import java.util.*
 
 private const val FINED_ALL_QUERY = """
     SELECT client_app_id,
     secret,
+    confidential,
     scopes,
     with_pkce,
     authorized_grant_types,
@@ -21,23 +22,13 @@ private const val FINED_ALL_QUERY = """
 logout_uri FROM CLIENT_APPLICATION
 """
 private const val FINED_ONE_QUERY = """
-    SELECT client_app_id,
-    secret,
-    scopes,
-    with_pkce,
-    authorized_grant_types,
-    web_server_redirect_uri,
-    access_token_validity,
-    refresh_token_validity,
-    additional_information,
-    auto_approve,
-    post_logout_redirect_uri,
-logout_uri FROM CLIENT_APPLICATION WHERE client_app_id=?
+    $FINED_ALL_QUERY WHERE client_app_id=:client_app_id
 """
 private const val SAVE_QUERY = """
     INSERT INTO CLIENT_APPLICATION (
     client_app_id,
     secret,
+    confidential,
     scopes,
     with_pkce,
     authorized_grant_types,
@@ -48,68 +39,65 @@ private const val SAVE_QUERY = """
     auto_approve,
     post_logout_redirect_uri,
     logout_uri)
-     VALUES (?,?,?,?,?,?,?,?,?,?,?,?)  ON CONFLICT(client_app_id) DO UPDATE SET secret=?,
-    scopes=?,
-    with_pkce=?,
-    authorized_grant_types=?,
-    web_server_redirect_uri=?,
-    access_token_validity=?,
-    refresh_token_validity=?,
-    additional_information=?,
-    auto_approve=?,
-    post_logout_redirect_uri=?,
-logout_uri=?
+     VALUES (:client_app_id,:secret,:confidential,:scopes,:with_pkce,:authorized_grant_types,:web_server_redirect_uri,:access_token_validity,:refresh_token_validity,:additional_information,:auto_approve,:post_logout_redirect_uri,:logout_uri)  ON CONFLICT(client_app_id) DO UPDATE SET secret=:secret,
+    confidential=:confidential,
+    scopes=:scopes,
+    with_pkce=:with_pkce,
+    authorized_grant_types=:authorized_grant_types,
+    web_server_redirect_uri=:web_server_redirect_uri,
+    access_token_validity=:access_token_validity,
+    refresh_token_validity=:refresh_token_validity,
+    additional_information=:additional_information,
+    auto_approve=:auto_approve,
+    post_logout_redirect_uri=:post_logout_redirect_uri,
+logout_uri=:logout_uri
 """
-private const val DELETE_QUERY = """DELETE FROM CLIENT_APPLICATION WHERE client_app_id=?"""
+private const val DELETE_QUERY = """DELETE FROM CLIENT_APPLICATION WHERE client_app_id=:client_app_id"""
 
-class JdbcClientApplicationRepository(private val jdbcTemplate: JdbcTemplate, private val objectMapper: ObjectMapper) :
+class JdbcClientApplicationRepository(
+    private val namedJdbcTemplate: NamedParameterJdbcTemplate,
+    private val objectMapper: ObjectMapper
+) :
     ClientApplicationRepository {
     override fun findOne(clientAppId: ClientAppId): Optional<ClientApplication> {
-        val queryResult = jdbcTemplate.query(FINED_ONE_QUERY, { rs, _ ->
-            JdbcClientApplicationConverter.fromDbToDomain(rs, objectMapper)
-        }, clientAppId.content)
+        val queryResult =
+            namedJdbcTemplate.query(FINED_ONE_QUERY, mapOf("client_app_id" to clientAppId.content)) { rs, _ ->
+                JdbcClientApplicationConverter.fromDbToDomain(rs, objectMapper)
+            }
         return Optional.ofNullable(queryResult.firstOrNull())
     }
 
     override fun findAll(): Iterable<ClientApplication> {
-        return jdbcTemplate.query(FINED_ALL_QUERY) { rs, _ ->
+        return namedJdbcTemplate.query(FINED_ALL_QUERY) { rs, _ ->
             JdbcClientApplicationConverter.fromDbToDomain(rs, objectMapper)
         }
     }
 
     override fun save(clientApp: ClientApplication) {
-        jdbcTemplate.update(
-            SAVE_QUERY,
-            clientApp.clientAppId.content,
-
-            clientApp.secret.content,
-            clientApp.scopes.content.joinToString(separator = ",") { it.content },
-            clientApp.withPkce.content,
-            clientApp.authorizedGrantTypes.content.joinToString(separator = ",") { it.name },
-            clientApp.webServerRedirectUri.content,
-            clientApp.accessTokenValidity.content,
-            clientApp.refreshTokenValidity.content,
-            objectMapper.writeValueAsString(clientApp.additionalInformation),
-            clientApp.autoApprove.content,
-            clientApp.postLogoutRedirectUri.content,
-            clientApp.logoutUri.content,
-
-            clientApp.secret.content,
-            clientApp.scopes.content.joinToString(separator = ",") { it.content },
-            clientApp.withPkce.content,
-            clientApp.authorizedGrantTypes.content.joinToString(separator = ",") { it.name },
-            clientApp.webServerRedirectUri.content,
-            clientApp.accessTokenValidity.content,
-            clientApp.refreshTokenValidity.content,
-            objectMapper.writeValueAsString(clientApp.additionalInformation),
-            clientApp.autoApprove.content,
-            clientApp.postLogoutRedirectUri.content,
-            clientApp.logoutUri.content,
-        )
+        namedJdbcTemplate
+            .update(
+                SAVE_QUERY,
+                mapOf(
+                    "client_app_id" to clientApp.clientAppId.content,
+                    "secret" to clientApp.secret.content,
+                    "confidential" to clientApp.confidential,
+                    "scopes" to
+                            clientApp.scopes.content.joinToString(separator = ",") { it.content },
+                    "with_pkce" to clientApp.withPkce.content,
+                    "authorized_grant_types" to clientApp.authorizedGrantTypes.content.joinToString(separator = ",") { it.name },
+                    "web_server_redirect_uri" to clientApp.webServerRedirectUri.content,
+                    "access_token_validity" to clientApp.accessTokenValidity.content,
+                    "refresh_token_validity" to clientApp.refreshTokenValidity.content,
+                    "additional_information" to objectMapper.writeValueAsString(clientApp.additionalInformation),
+                    "auto_approve" to clientApp.autoApprove.content,
+                    "post_logout_redirect_uri" to clientApp.postLogoutRedirectUri.content,
+                    "logout_uri" to clientApp.logoutUri.content
+                )
+            )
     }
 
     override fun delete(clientAppId: ClientAppId) {
-        jdbcTemplate.update(DELETE_QUERY, clientAppId.content)
+        namedJdbcTemplate.update(DELETE_QUERY, mapOf("client_app_id" to clientAppId.content))
     }
 
 }
@@ -119,6 +107,7 @@ object JdbcClientApplicationConverter {
     fun fromDbToDomain(rs: ResultSet, objectMapper: ObjectMapper) = ClientApplication(
         clientAppId = ClientAppId(rs.getString("client_app_id")),
         secret = Secret(rs.getString("secret")),
+        confidential = rs.getBoolean("confidential"),
         scopes = Scopes(rs.getString("scopes").split(",").map { Scope(it.trim()) }.toSet()),
         withPkce = WithPkce(rs.getBoolean("with_pkce")),
         authorizedGrantTypes = AuthorizedGrantTypes(

src/main/kotlin/com/vauthenticator/server/oauth2/clientapp/domain/ClientApplication.kt

@@ -3,6 +3,7 @@ package com.vauthenticator.server.oauth2.clientapp.domain
 data class ClientApplication(
     val clientAppId: ClientAppId,
     val secret: Secret,
+    val confidential: Boolean = true,
     val scopes: Scopes,
     val withPkce: WithPkce = WithPkce.disabled,
     val authorizedGrantTypes: AuthorizedGrantTypes,
@@ -36,7 +37,7 @@ data class AuthorizedGrantTypes(val content: List<AuthorizedGrantType>) {
     }
 }
 
-enum class AuthorizedGrantType { CLIENT_CREDENTIALS, PASSWORD, AUTHORIZATION_CODE, IMPLICIT, REFRESH_TOKEN }
+enum class AuthorizedGrantType { CLIENT_CREDENTIALS, AUTHORIZATION_CODE, REFRESH_TOKEN }
 
 data class Secret(val content: String)
 

src/main/resources/data/schema.sql

@@ -89,6 +89,7 @@ CREATE TABLE CLIENT_APPLICATION
     client_app_id            varchar(255) not null PRIMARY KEY,
     secret                   varchar(255) not null,
     scopes                   text         not null,
+    confidential             boolean      not null default true,
     with_pkce                boolean      not null default false,
     authorized_grant_types   varchar(255) not null,
     web_server_redirect_uri  varchar(255) not null,

src/test/kotlin/com/vauthenticator/server/oauth2/clientapp/adapter/AbstractClientApplicationRepositoryTest.kt

@@ -51,6 +51,20 @@ abstract class AbstractClientApplicationRepositoryTest {
 
         assertEquals(Optional.empty<ClientApplication>(), actual)
     }
+    @Test
+    fun `when store a public client application, check if it exist and then delete a client application by client`() {
+        val clientAppId = ClientAppId("client_id")
+        val expected = ClientAppFixture.aClientApp(clientAppId).copy(confidential = false)
+        uut.save(expected)
+        var actual = uut.findOne(clientAppId)
+
+        assertEquals(Optional.of(expected), actual)
+
+        uut.delete(clientAppId)
+        actual = uut.findOne(clientAppId)
+
+        assertEquals(Optional.empty<ClientApplication>(), actual)
+    }
 
     @Test
     fun `when find all client applications`() {

src/test/kotlin/com/vauthenticator/server/oauth2/clientapp/adapter/jdbc/JdbcClientApplicationRepositoryTest.kt

@@ -3,7 +3,7 @@ package com.vauthenticator.server.oauth2.clientapp.adapter.jdbc
 import com.fasterxml.jackson.module.kotlin.jacksonObjectMapper
 import com.vauthenticator.server.oauth2.clientapp.adapter.AbstractClientApplicationRepositoryTest
 import com.vauthenticator.server.oauth2.clientapp.domain.ClientApplicationRepository
-import com.vauthenticator.server.support.JdbcUtils.jdbcTemplate
+import com.vauthenticator.server.support.JdbcUtils.namedJdbcTemplate
 import com.vauthenticator.server.support.JdbcUtils.resetDb
 
 class JdbcClientApplicationRepositoryTest : AbstractClientApplicationRepositoryTest() {
@@ -13,6 +13,6 @@ class JdbcClientApplicationRepositoryTest : AbstractClientApplicationRepositoryT
     }
 
     override fun initUnitUnderTest(): ClientApplicationRepository =
-        JdbcClientApplicationRepository(jdbcTemplate, jacksonObjectMapper())
+        JdbcClientApplicationRepository(namedJdbcTemplate, jacksonObjectMapper())
 
 }

src/test/kotlin/com/vauthenticator/server/oauth2/clientapp/domain/ReadClientApplicationTest.kt

@@ -23,7 +23,7 @@ class ReadClientApplicationTest {
         every { clientApplicationRepository.findOne(clientAppId) } returns Optional.of(aClientApp(clientAppId))
 
         val actual: Optional<ClientApplication> = readClientApplication.findOne(clientAppId)
-        assertEquals(actual, Optional.of(aClientApp(clientAppId, Secret("*******"))))
+        assertEquals(actual, Optional.of(aClientApp(clientAppId = clientAppId, password = Secret("*******"))))
     }
 
     @Test
@@ -34,6 +34,6 @@ class ReadClientApplicationTest {
         every { clientApplicationRepository.findAll() } returns listOf(aClientApp(clientAppId))
 
         val actual: List<ClientApplication> = readClientApplication.findAll()
-        assertEquals(actual, listOf(aClientApp(clientAppId, Secret("*******"))))
+        assertEquals(actual, listOf(aClientApp(clientAppId = clientAppId, password = Secret("*******"))))
     }
 }

src/test/kotlin/com/vauthenticator/server/support/ClientAppFixture.kt

@@ -7,14 +7,16 @@ const val A_CLIENT_APP_ID = "A_CLIENT_APP_ID"
 object ClientAppFixture {
     fun aClientApp(
         clientAppId: ClientAppId,
+        confidential: Boolean = true,
         password: Secret = Secret("secret"),
         logoutUri: LogoutUri = LogoutUri("http://an_uri"),
     ) = ClientApplication(
         clientAppId,
         password,
+        confidential,
         Scopes.from(Scope.EMAIL, Scope.OPEN_ID, Scope.PROFILE, Scope.RESET_PASSWORD),
         WithPkce.enabled,
-        AuthorizedGrantTypes.from(AuthorizedGrantType.PASSWORD),
+        AuthorizedGrantTypes.from(AuthorizedGrantType.CLIENT_CREDENTIALS),
         CallbackUri("http://an_uri"),
         TokenTimeToLive(10),
         TokenTimeToLive(10),

src/test/kotlin/com/vauthenticator/server/support/JdbcUtils.kt

@@ -4,6 +4,7 @@ import org.postgresql.Driver
 import org.slf4j.Logger
 import org.slf4j.LoggerFactory
 import org.springframework.jdbc.core.JdbcTemplate
+import org.springframework.jdbc.core.namedparam.NamedParameterJdbcTemplate
 import org.springframework.jdbc.datasource.SimpleDriverDataSource
 import java.nio.file.Files
 import java.nio.file.Paths
@@ -21,6 +22,8 @@ object JdbcUtils {
         )
     )
 
+    val namedJdbcTemplate: NamedParameterJdbcTemplate = NamedParameterJdbcTemplate(jdbcTemplate)
+
 
     fun resetDb() {
         try {