github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

combine HTTP content negotiation with client preferences for user info endpoint

pull/627/head
Justin Richer 2014-06-28 23:44:37 -04:00
parent 1de2a61176
commit 078bf5e464
2 changed files with 31 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
openid-connect-server/src/main/java/org/mitre/openid/connect/view/UserInfoJwtView.java
View File

@ -120,9 +120,9 @@ public class UserInfoJwtView extends UserInfoView {
} }
} else { } else {
JWSAlgorithm signingAlg = jwtService.getDefaultSigningAlgorithm(); JWSAlgorithm signingAlg = jwtService.getDefaultSigningAlgorithm(); // default to the server's preference
if (client.getUserInfoSignedResponseAlg() != null) { if (client.getUserInfoSignedResponseAlg() != null) {
signingAlg = client.getUserInfoSignedResponseAlg(); signingAlg = client.getUserInfoSignedResponseAlg(); // override with the client's preference if available
} }
SignedJWT signed = new SignedJWT(new JWSHeader(signingAlg), claims); SignedJWT signed = new SignedJWT(new JWSHeader(signingAlg), claims);

40
openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java
View File

@ -55,6 +55,8 @@ public class UserInfoEndpoint {
private static Logger logger = LoggerFactory.getLogger(UserInfoEndpoint.class); private static Logger logger = LoggerFactory.getLogger(UserInfoEndpoint.class);
private static final MediaType JOSE_MEDIA_TYPE = new MediaType("application", "jwt");
/** /**
* Get information about the user as specified in the accessToken included in this request * Get information about the user as specified in the accessToken included in this request
*/ */
@ -90,21 +92,37 @@ public class UserInfoEndpoint {
model.addAttribute("userInfo", userInfo); model.addAttribute("userInfo", userInfo);
// content negotiation // content negotiation
// start off by seeing if the client has registered for a signed/encrypted JWT from here
ClientDetailsEntity client = clientService.loadClientByClientId(auth.getOAuth2Request().getClientId());
model.addAttribute("client", client);
List<MediaType> mediaTypes = MediaType.parseMediaTypes(acceptHeader); List<MediaType> mediaTypes = MediaType.parseMediaTypes(acceptHeader);
MediaType.sortBySpecificityAndQuality(mediaTypes); MediaType.sortBySpecificityAndQuality(mediaTypes);
MediaType jose = new MediaType("application", "jwt"); if (client.getUserInfoSignedResponseAlg() != null
|| client.getUserInfoEncryptedResponseAlg() != null
for (MediaType m : mediaTypes) { || client.getUserInfoEncryptedResponseEnc() != null) {
if (!m.isWildcardType() && m.isCompatibleWith(jose)) { // client has a preference, see if they ask for plain JSON specifically on this request
ClientDetailsEntity client = clientService.loadClientByClientId(auth.getOAuth2Request().getClientId()); for (MediaType m : mediaTypes) {
model.addAttribute("client", client); if (!m.isWildcardType() && m.isCompatibleWith(MediaType.APPLICATION_JSON)) {
return "userInfoView";
return "userInfoJwtView"; }
}
// otherwise return JWT
return "userInfoJwtView";
} else {
// client has no preference, see if they asked for JWT specifically on this request
for (MediaType m : mediaTypes) {
if (!m.isWildcardType() && m.isCompatibleWith(JOSE_MEDIA_TYPE)) {
return "userInfoJwtView";
}
} }
}
return "userInfoView"; // otherwise return JSON
return "userInfoView";
}
} }