Skip to content

Commit 5b690df

Browse files
jgrandjajgrandja
committed
Avoid persisting client principal in device authorization request
Issue gh-1106
1 parent 1354ca4 commit 5b690df

File tree

1 file changed

+0
-2
lines changed

1 file changed

+0
-2
lines changed

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2DeviceAuthorizationRequestAuthenticationProvider.java

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -15,7 +15,6 @@
1515
*/
1616
package org.springframework.security.oauth2.server.authorization.authentication;
1717

18-
import java.security.Principal;
1918
import java.time.Instant;
2019
import java.util.Base64;
2120
import java.util.HashSet;
@@ -159,7 +158,6 @@ public Authentication authenticate(Authentication authentication) throws Authent
159158
.authorizationGrantType(AuthorizationGrantType.DEVICE_CODE)
160159
.token(deviceCode)
161160
.token(userCode)
162-
.attribute(Principal.class.getName(), clientPrincipal)
163161
.attribute(OAuth2ParameterNames.SCOPE, new HashSet<>(requestedScopes))
164162
.build();
165163
// @formatter:on

0 commit comments

Comments
 (0)