github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

put 'kid' into JWS header, closes #784

pull/873/head
Justin Richer 2015-03-18 20:09:06 -04:00
parent 8569213994
commit 22c86d09f8
1 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultOIDCTokenService.java
View File

@ -178,9 +178,13 @@ public class DefaultOIDCTokenService implements OIDCTokenService {
// sign it with the client's secret // sign it with the client's secret
signer.signJwt((SignedJWT) idToken); signer.signJwt((SignedJWT) idToken);
} else { } else {
idClaims.setCustomClaim("kid", jwtService.getDefaultSignerKeyId()); idClaims.setCustomClaim("kid", jwtService.getDefaultSignerKeyId());
idToken = new SignedJWT(new JWSHeader(signingAlg), idClaims); JWSHeader header = new JWSHeader(signingAlg);
header.setKeyID(jwtService.getDefaultSignerKeyId());
idToken = new SignedJWT(header, idClaims);
// sign it with the server's key // sign it with the server's key
jwtService.signJwt((SignedJWT) idToken); jwtService.signJwt((SignedJWT) idToken);