put 'kid' into JWS header, closes #784

2015-03-18 20:09:06 -04:00 · 2015-03-18 20:09:06 -04:00 · 22c86d09f8
parent 8569213994
commit 22c86d09f8
1 changed files with 7 additions and 3 deletions
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultOIDCTokenService.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultOIDCTokenService.java
@ -178,9 +178,13 @@ public class DefaultOIDCTokenService implements OIDCTokenService {
 					// sign it with the client's secret
 					signer.signJwt((SignedJWT) idToken);
 				} else {
+					
 					idClaims.setCustomClaim("kid", jwtService.getDefaultSignerKeyId());

-					idToken = new SignedJWT(new JWSHeader(signingAlg), idClaims);
+					JWSHeader header = new JWSHeader(signingAlg);
+					header.setKeyID(jwtService.getDefaultSignerKeyId());
+					
+					idToken = new SignedJWT(header, idClaims);

 					// sign it with the server's key
 					jwtService.signJwt((SignedJWT) idToken);