diff --git a/src/main/java/com/eactive/eai/authserver/custom/KjbMGOAuth2Controller.java b/src/main/java/com/eactive/eai/authserver/custom/KjbMGOAuth2Controller.java index 00781b8..9f376ea 100644 --- a/src/main/java/com/eactive/eai/authserver/custom/KjbMGOAuth2Controller.java +++ b/src/main/java/com/eactive/eai/authserver/custom/KjbMGOAuth2Controller.java @@ -92,7 +92,7 @@ public class KjbMGOAuth2Controller { } ClientDetails clientDetails = OAuth2Manager.getInstance().getClientDeatilsStore().get(clientId); - verifyClient(clientDetails, clientId, scopeSet); + verifyClient(clientDetails, clientId, clientSecret, scopeSet); String traceId = UUID.randomUUID().toString().replace("-", ""); response.setHeader(HEADER_TRACEID, traceId); @@ -139,7 +139,7 @@ public class KjbMGOAuth2Controller { } } - private void verifyClient(ClientDetails clientDetails, String clientId, Set scopeSet) + private void verifyClient(ClientDetails clientDetails, String clientId, String clientSecret, Set scopeSet) throws JwtAuthException { if (StringUtils.isBlank(clientId)) { @@ -148,13 +148,24 @@ public class KjbMGOAuth2Controller { "Invalid Mandatory Field {client_id}"); } - if (clientDetails == null) { throw new JwtAuthException( String.format("%d%s%s", HttpStatus.UNAUTHORIZED.value(), SERVICE_CODE_ACCESS_TOKEN, "00"), "Unauthorized. [client not found]"); } + if (StringUtils.isBlank(clientSecret)) { + throw new JwtAuthException( + String.format("%d%s%s", HttpStatus.BAD_REQUEST.value(), SERVICE_CODE_ACCESS_TOKEN, "02"), + "Invalid Mandatory Field {client_secret}"); + } + + if (StringUtils.equals(clientDetails.getClientSecret(), clientSecret)) { + throw new JwtAuthException( + String.format("%d%s%s", HttpStatus.UNAUTHORIZED.value(), SERVICE_CODE_ACCESS_TOKEN, "00"), + "Unauthorized. [Bad client credentials(Client Secret is not match)]"); + } + if (scopeSet.isEmpty()) { throw new JwtAuthException( String.format("%d%s%s", HttpStatus.BAD_REQUEST.value(), SERVICE_CODE_ACCESS_TOKEN, "02"),