combine HTTP content negotiation with client preferences for user info endpoint

2014-06-28 23:44:37 -04:00 · 2014-06-28 23:44:37 -04:00 · 078bf5e464
parent 1de2a61176
commit 078bf5e464
2 changed files with 31 additions and 13 deletions
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/UserInfoJwtView.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/UserInfoJwtView.java
@ -120,9 +120,9 @@ public class UserInfoJwtView extends UserInfoView {
 				}
 			} else {

-				JWSAlgorithm signingAlg = jwtService.getDefaultSigningAlgorithm();
+				JWSAlgorithm signingAlg = jwtService.getDefaultSigningAlgorithm(); // default to the server's preference
 				if (client.getUserInfoSignedResponseAlg() != null) {
-					signingAlg = client.getUserInfoSignedResponseAlg();
+					signingAlg = client.getUserInfoSignedResponseAlg(); // override with the client's preference if available
 				}

 				SignedJWT signed = new SignedJWT(new JWSHeader(signingAlg), claims);
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java
@ -55,6 +55,8 @@ public class UserInfoEndpoint {

 	private static Logger logger = LoggerFactory.getLogger(UserInfoEndpoint.class);

+	private static final MediaType JOSE_MEDIA_TYPE = new MediaType("application", "jwt");
+
 	/**
 	 * Get information about the user as specified in the accessToken included in this request
 	 */
@ -90,21 +92,37 @@ public class UserInfoEndpoint {
 		model.addAttribute("userInfo", userInfo);

 		// content negotiation
+
+		// start off by seeing if the client has registered for a signed/encrypted JWT from here
+		ClientDetailsEntity client = clientService.loadClientByClientId(auth.getOAuth2Request().getClientId());
+		model.addAttribute("client", client);
+		
 		List<MediaType> mediaTypes = MediaType.parseMediaTypes(acceptHeader);
 		MediaType.sortBySpecificityAndQuality(mediaTypes);
-
-		MediaType jose = new MediaType("application", "jwt");
-
-		for (MediaType m : mediaTypes) {
-			if (!m.isWildcardType() && m.isCompatibleWith(jose)) {
-				ClientDetailsEntity client = clientService.loadClientByClientId(auth.getOAuth2Request().getClientId());
-				model.addAttribute("client", client);
-
-				return "userInfoJwtView";
+		
+		if (client.getUserInfoSignedResponseAlg() != null 
+				|| client.getUserInfoEncryptedResponseAlg() != null
+				|| client.getUserInfoEncryptedResponseEnc() != null) {
+			// client has a preference, see if they ask for plain JSON specifically on this request
+			for (MediaType m : mediaTypes) {
+				if (!m.isWildcardType() && m.isCompatibleWith(MediaType.APPLICATION_JSON)) {
+					return "userInfoView";
+				}
+			}
+			
+			// otherwise return JWT
+			return "userInfoJwtView";
+		} else {
+			// client has no preference, see if they asked for JWT specifically on this request
+			for (MediaType m : mediaTypes) {
+				if (!m.isWildcardType() && m.isCompatibleWith(JOSE_MEDIA_TYPE)) {
+					return "userInfoJwtView";
+				}
 			}
-		}

-		return "userInfoView";
+			// otherwise return JSON
+			return "userInfoView";
+		}

 	}