opa-java/src/main/java/org/openpodcastapi/opa/client/CustomRegisteredClientRepository.java at 7401c08db4a12de985798a5559a82ab4b52b08c2 · OpenPodcastAPI/opa-java · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
package org.openpodcastapi.opa.client;

import lombok.extern.log4j.Log4j2;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.settings.ClientSettings;
import org.springframework.stereotype.Repository;

@Log4j2
@Repository
public class CustomRegisteredClientRepository extends JdbcRegisteredClientRepository {

    public CustomRegisteredClientRepository(JdbcTemplate jdbcTemplate) {
        super(jdbcTemplate);
    }

    @Override
    public void save(RegisteredClient client) {
        client.getRedirectUris().forEach(uri -> {
            if (!uri.startsWith("https://") && !uri.startsWith("myapp://")) {
                throw new IllegalArgumentException("Invalid redirect URI: " + uri);
            }
        });

        // Add defaults if missing
        var modified = RegisteredClient.from(client)
                .clientSettings(ClientSettings.builder()
                        .requireProofKey(true)
                        .requireAuthorizationConsent(true)
                        .build())
                .build();

        log.info("Registering new OAuth client: {}", modified.getClientId());
        super.save(modified);
    }
}