combine HTTP content negotiation with client preferences for user info endpoint

Justin Richer 2014-06-28 23:44:37 -04:00
parent 1de2a61176
commit 078bf5e464
2 changed files with 31 additions and 13 deletions


@ -120,9 +120,9 @@ public class UserInfoJwtView extends UserInfoView {
}
} else {
JWSAlgorithm signingAlg = jwtService.getDefaultSigningAlgorithm();
JWSAlgorithm signingAlg = jwtService.getDefaultSigningAlgorithm(); // default to the server's preference
if (client.getUserInfoSignedResponseAlg() != null) {
signingAlg = client.getUserInfoSignedResponseAlg();
signingAlg = client.getUserInfoSignedResponseAlg(); // override with the client's preference if available
}
SignedJWT signed = new SignedJWT(new JWSHeader(signingAlg), claims);


@ -55,6 +55,8 @@ public class UserInfoEndpoint {
private static Logger logger = LoggerFactory.getLogger(UserInfoEndpoint.class);
private static final MediaType JOSE_MEDIA_TYPE = new MediaType("application", "jwt");
/**
* Get information about the user as specified in the accessToken included in this request
*/
@ -90,21 +92,37 @@ public class UserInfoEndpoint {
model.addAttribute("userInfo", userInfo);
// content negotiation
List<MediaType> mediaTypes = MediaType.parseMediaTypes(acceptHeader);
MediaType.sortBySpecificityAndQuality(mediaTypes);
MediaType jose = new MediaType("application", "jwt");
for (MediaType m : mediaTypes) {
if (!m.isWildcardType() && m.isCompatibleWith(jose)) {
// start off by seeing if the client has registered for a signed/encrypted JWT from here
ClientDetailsEntity client = clientService.loadClientByClientId(auth.getOAuth2Request().getClientId());
model.addAttribute("client", client);
List<MediaType> mediaTypes = MediaType.parseMediaTypes(acceptHeader);
MediaType.sortBySpecificityAndQuality(mediaTypes);
if (client.getUserInfoSignedResponseAlg() != null
|| client.getUserInfoEncryptedResponseAlg() != null
|| client.getUserInfoEncryptedResponseEnc() != null) {
// client has a preference, see if they ask for plain JSON specifically on this request
for (MediaType m : mediaTypes) {
if (!m.isWildcardType() && m.isCompatibleWith(MediaType.APPLICATION_JSON)) {
return "userInfoView";
}
}
// otherwise return JWT
return "userInfoJwtView";
} else {
// client has no preference, see if they asked for JWT specifically on this request
for (MediaType m : mediaTypes) {
if (!m.isWildcardType() && m.isCompatibleWith(JOSE_MEDIA_TYPE)) {
return "userInfoJwtView";
}
}
// otherwise return JSON
return "userInfoView";
}
}
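Review bot: The plain-JSON opt-out check at L48, `!m.isWildcardType() && m.isCompatibleWith(MediaType.APPLICATION_JSON)`, still matches an `Accept: application/*` entry, because isWildcardType() only excludes `*/*` while isCompatibleWith() treats a wildcard subtype as compatible, so a client that registered a signed or encrypted userinfo response would be served plain JSON without ever naming application/json; the mirror check at L57 would likewise read `application/*` as an explicit request for a JWT. Both loops should also exclude wildcard subtypes, e.g. `if (!m.isWildcardType() && !m.isWildcardSubtype() && m.isCompatibleWith(MediaType.APPLICATION_JSON)) {` at L48 and the same shape with `JOSE_MEDIA_TYPE` at L57. As far as I can tell parseMediaTypes keeps entries with q=0 and sortBySpecificityAndQuality only orders them last, so `application/json;q=0` would still be taken as a request for JSON; skipping entries with `m.getQualityValue() == 0` before the match closes that. The method containing this negotiation starts above the hunk, so where acceptHeader comes from and whether loadClientByClientId can return null (which would make L43 throw a NullPointerException) cannot be confirmed from here.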