Connect2id server 2.5

Migration of existing OAuth 2.0 clients to the Connect2id server just got easier with the new 2.5 release.

The standard behaviour of the client registration endpoint is to generate a random client ID and secret for new registrations. While this is fine for most situations, you may want to be able to preset these values if migrating existing clients to the Connect2id server.

This is made possible with the following non-standard registration parameters:

  • preferred_client_id to preset the client identifier
  • preferred_client_secret to preset the client secret

To create a client with a preset client_id and client_secret, the privileged master access token is required.

Here is an example registration request with preset ID and secret values for a client using the OAuth 2.0 password grant:

POST /c2id/client-reg HTTP/1.1
Host: demo.c2id.com
Content-Type: application/json
Authorization: Bearer ztucZS1ZyFKgh0tUEruUtiSTXhnexmd6

{
  "grant_types"             : [ "password" ],
  "preferred_client_id"     : "123456",
  "preferred_client_secret" : "ahL7AhthchiNg6beAo5HeijeThae3deiChab7ajiVuip2eodesoBie0ufohtiiK4"
}

More information can be found in the client registration how-to.

Connect2id server 2.5 release notes

Configuration

  • Core provider configuration: Adds op.reg.refreshAccessTokenOnUpdate configuration property to enable / disable refreshing of the registration access token with each client registration update. The previous Connect2id server policy was to always refresh the registration access token on client updates.

  • Core provider configuration: Adds op.reg.alwaysRefreshClientSecretOnUpdate configuration property to enable / disable refreshing of the client secret with each client registration update. If false the client secret will be refreshed only if it has expired. The previous Connect2id server policy was to always refresh the secret on client updates.

  • Core provider configuration: Removes the op.reg.clientIDByteLength configuration property in favour of using an internal lookup table to determine the minimal appropriate client secret length based on the chosen client authentication method, ID token JWS algorithm and UserInfo JWS algorithm at client registration time.

Web API

  • Client registration API: Adds support for a custom preferred_client_secret registration parameter. Enables registration of clients with a preset secret. Requires the master access token or an initial registration token with the client-reg:set-secret scope value. The secret length must satisfy the minimal requirement for the chosen client authentication method, ID token JWS algorithm and UserInfo JWS algorithm (256, 384 or 512 bits).
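The length requirement above can be checked before any migration request is sent. The following pre-flight check is an added example, not Connect2id code: the bit thresholds follow the JWS HMAC rule in RFC 7518, while the 256-bit floor, the HS256 default and the legacy client records are assumptions constructed for illustration, so the server's own lookup table may differ.

```python
import json

# Minimum HMAC key sizes per RFC 7518 section 3.2 (key >= hash output size).
# ASSUMPTION: the server's internal lookup table is not shown on the page and
# may differ; the 256-bit floor for non-HMAC clients is also an assumption.
HMAC_MIN_BITS = {"HS256": 256, "HS384": 384, "HS512": 512}
BASELINE_BITS = 256

def required_secret_bits(client):
    """Return the largest minimum implied by the client's HMAC-based settings."""
    algs = [client.get("id_token_signed_response_alg"),
            client.get("userinfo_signed_response_alg")]
    if client.get("token_endpoint_auth_method") == "client_secret_jwt":
        # Assumed default when the legacy record names no signing algorithm.
        algs.append(client.get("token_endpoint_auth_signing_alg", "HS256"))
    return max([BASELINE_BITS] + [HMAC_MIN_BITS[a] for a in algs if a in HMAC_MIN_BITS])

def secret_bits(secret):
    """Secret size in bits, counted over its UTF-8 octets."""
    return len(secret.encode("utf-8")) * 8

def build_registration(client):
    """Return the JSON registration body, or raise ValueError if the secret is too short."""
    need, have = required_secret_bits(client), secret_bits(client["client_secret"])
    if have < need:
        raise ValueError(f"client {client['client_id']}: secret has {have} bits, needs {need}")
    body = {k: v for k, v in client.items() if k not in ("client_id", "client_secret")}
    body["preferred_client_id"] = client["client_id"]
    body["preferred_client_secret"] = client["client_secret"]
    return json.dumps(body, indent=2)

# Constructed legacy records; the first reuses the values from the request above.
LEGACY_CLIENTS = [
    {"client_id": "123456", "grant_types": ["password"],
     "client_secret": "ahL7AhthchiNg6beAo5HeijeThae3deiChab7ajiVuip2eodesoBie0ufohtiiK4"},
    {"client_id": "legacy-app", "grant_types": ["authorization_code"],
     "id_token_signed_response_alg": "HS512",
     "client_secret": "0123456789abcdef0123456789abcdef"},  # 32 chars = 256 bits
]

if __name__ == "__main__":
    for c in LEGACY_CLIENTS:
        try:
            print(build_registration(c))
        except ValueError as err:
            print("SKIP:", err)
```

The error message names the client and the bit counts only, so a rejected secret never ends up in migration logs.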

Dependencies

  • No changes

Bug fixes

  • Removes preferred_client_id from client information responses (issue server/124).

  • Fixes empty response_type on client registration with "code token id_token" (issue server/111).

  • Ensures minimum client secret length as per JSON Web Signature (JWS) / HMAC specification (issue server/104).

Ready to try out the new Connect2id server?

Proceed to the download section to get the new package. Questions? Get in touch with us, we'll be delighted to hear from you.