Dynamic Client Registration about openid-connect-java-spring-server HOT 9 CLOSED

Currently, yes -- nobody's implemented a configuration switch to cut out functionality.

from openid-connect-java-spring-server.

If what people really want is a configuration switch in the core project to disable dynamic registration, then we should provide that and track it under a different issue. Even if we do implement that, it will remain on by default.

We are in a position where we want to disable the dynamic registration. Is overlaying the registration endpoint still the way to go?

from openid-connect-java-spring-server.

Hi,

I want to apply restriction that only pre-approved client can access the server for authentication.
Is it possible to disable Dynamic Client Registration?

Regards,
Kaival

from openid-connect-java-spring-server.

Not easily and not through configuration -- you would need to unmap the endpoint controller, which you could do with an overlay of the appropriate class. You can, however, restrict all of your valid scopes such that dynamically registered clients can't ask for them.

from openid-connect-java-spring-server.

Hi Justin,

Thanks for your reply, I have done the following changes to restrict dynamic configuration,

Commented 'registration_endpoint' in DiscoveryEndpoint.java
Commented '@RequestMapping(value = DynamicClientRegistrationEndpoint.URL)' annotation in DynamicClientRegistrationEndpoint.java
This will helps, if any service provider already knows the registration endpoint?
Can you please guide me, If I am doing anything wrong? or anything else I require to do?

Thanks & Regards,
Kaival

from openid-connect-java-spring-server.

Those changes should be the only two required. Even if someone guesses the registration URL, it shouldn't be getting served. You might want to also comment out the @Controller annotation in the DynamicClientRegistrationEndpoint as well, just to be sure.

from openid-connect-java-spring-server.

@jricher ,I saw you mentioned in this post that we can disable dynamic client registrations by overlay. Which class should I overlay to disable DynamicClientRegistraton? (I tried to overlay DynamicClientRegistrationEndpoint (by extending it) and overriding registerClient and throw exception but I am getting ambiguous bean name exceptions). I understand the way @pkaival did it but I would like to do it with overlay.

Thanks
Mallik

from openid-connect-java-spring-server.

You can do it like the above in an overlay. Overlay the registration endpoint and replace it with an empty class (or just exclude it from the overlay in the first place). Taking out the rest of the information above will help as well, and each of those steps can be done in an overlay. At this point, though, the overlay is increasingly invasive.

If what people really want is a configuration switch in the core project to disable dynamic registration, then we should provide that and track it under a different issue. Even if we do implement that, it will remain on by default.

from openid-connect-java-spring-server.

Currently, I can't read ClientConfiguration. I use client_credentials of grant type to get token. After that use token to get ClientConfiguration via .../register/ but it throw access denied because it was reject by filter ROLE_CLIENT.

from openid-connect-java-spring-server.