diff --git a/openid-connect-client/src/main/java/org/mitre/oauth2/filter/IntrospectingTokenService.java b/openid-connect-client/src/main/java/org/mitre/oauth2/filter/IntrospectingTokenService.java index f93c52020..d43b8fdd8 100644 --- a/openid-connect-client/src/main/java/org/mitre/oauth2/filter/IntrospectingTokenService.java +++ b/openid-connect-client/src/main/java/org/mitre/oauth2/filter/IntrospectingTokenService.java @@ -94,7 +94,7 @@ public class IntrospectingTokenService implements ResourceServerTokenServices { // create a default authentication object with authority ROLE_API private Authentication createAuthentication(JsonObject token){ // TODO: user_id is going to go away. Will have to fix. - return new PreAuthenticatedAuthenticationToken(token.get("user_id").getAsString(), null, AuthorityUtils.createAuthorityList("ROLE_API")); + return new PreAuthenticatedAuthenticationToken(token.get("sub").getAsString(), null, AuthorityUtils.createAuthorityList("ROLE_API")); } private OAuth2AccessToken createAccessToken(final JsonObject token, final String tokenString){ diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/AbstractOIDCAuthenticationFilter.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/AbstractOIDCAuthenticationFilter.java index cb4d75ce7..b026e39c3 100644 --- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/AbstractOIDCAuthenticationFilter.java +++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/AbstractOIDCAuthenticationFilter.java 
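Review bot: createAuthentication now reads `token.get("sub").getAsString()`, but the TokenIntrospectionView hunk later in this commit writes the principal under a different key, `token.addProperty("subject", ...)`, so a client built from this commit introspecting against this server gets a null JsonElement and fails with a NullPointerException instead of a clean rejection. Unless a different introspection server is the intended peer, the view should emit the same key, `token.addProperty("sub", src.getAuthenticationHolder().getAuthentication().getName());`, and the client should treat a missing or non-string `sub` as an invalid token rather than dereferencing it, e.g. `JsonElement sub = token.get("sub"); if (sub == null || !sub.isJsonPrimitive()) { /* reject the token the way the enclosing class already reports invalid introspection results */ }`. The enclosing class continues outside the hunk, so the exact failure path cannot be named from here.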
@@ -417,9 +417,9 @@ public class AbstractOIDCAuthenticationFilter extends + "ID Token to the session " + NONCE_SESSION_VARIABLE + " failed. Expected " + storedNonce + " got " + nonce + "."); } - // pull the user_id out as a claim on the id_token + // pull the subject (user id) out as a claim on the id_token - String userId = idToken.getClaims().getUserId(); + String userId = idToken.getClaims().getSubject(); // construct an OIDCAuthenticationToken and return a Authentication object w/the userId and the idToken diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationProvider.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationProvider.java index 826b295d5..ae50be245 100644 --- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationProvider.java +++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationProvider.java @@ -78,9 +78,9 @@ public class OIDCAuthenticationProvider implements if (userInfo == null) { // TODO: user Info not found -- error? } else { - if (!Strings.isNullOrEmpty(userInfo.getUserId()) && !userInfo.getUserId().equals(token.getUserId())) { + if (!Strings.isNullOrEmpty(userInfo.getSub()) && !userInfo.getSub().equals(token.getUserId())) { // the userinfo came back and the user_id fields don't match what was in the id_token - throw new UsernameNotFoundException("user_id mismatch between id_token and user_info call: " + userInfo.getUserId() + " / " + token.getUserId()); + throw new UsernameNotFoundException("user_id mismatch between id_token and user_info call: " + userInfo.getSub() + " / " + token.getUserId()); } } diff --git a/openid-connect-common/src/main/java/org/mitre/jwt/model/JwtClaims.java b/openid-connect-common/src/main/java/org/mitre/jwt/model/JwtClaims.java index 1f9d6eeb9..5cd275b06 100644 --- a/openid-connect-common/src/main/java/org/mitre/jwt/model/JwtClaims.java 
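Review bot: In the OIDCAuthenticationProvider hunk the id_token/userinfo subject check still runs only when the userinfo response carries a non-empty `sub` (`!Strings.isNullOrEmpty(userInfo.getSub()) && ...`), so a userinfo document that omits `sub` passes even though the id_token's subject could not be corroborated, and the `userInfo == null` branch above it is still a bare TODO. A consistency check of this kind is more useful failing closed, e.g. `if (userInfo.getSub() == null || !userInfo.getSub().equals(token.getUserId())) { throw new UsernameNotFoundException(...); }`, though whether a userinfo response may legitimately omit `sub` for some scope set should be confirmed before tightening. The exception text still says `user_id mismatch` while both sides now compare `sub`; `"sub mismatch between id_token and user_info call: "` keeps the log accurate. The enclosing method starts outside the hunk.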
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/model/JwtClaims.java @@ -25,7 +25,7 @@ public class JwtClaims extends ClaimSet { public static final String TYPE = "typ"; public static final String JWT_ID = "jti"; - public static final String PRINCIPAL = "prn"; + public static final String SUBJECT = "sub"; public static final String AUDIENCE = "aud"; public static final String ISSUER = "iss"; public static final String ISSUED_AT = "iat"; @@ -33,7 +33,6 @@ public class JwtClaims extends ClaimSet { public static final String EXPIRATION = "exp"; public static final String NONCE = "nonce"; - /** * ISO8601 / RFC3339 Date Format */ @@ -72,8 +71,8 @@ public class JwtClaims extends ClaimSet { setIssuer(element.getValue().getAsString()); } else if (element.getKey().equals(AUDIENCE)) { setAudience(element.getValue().getAsString()); - } else if (element.getKey().equals(PRINCIPAL)) { - setPrincipal(element.getValue().getAsString()); + } else if (element.getKey().equals(SUBJECT)) { + setSubject(element.getValue().getAsString()); } else if (element.getKey().equals(JWT_ID)) { setJwtId(element.getValue().getAsString()); } else if (element.getKey().equals(TYPE)) { @@ -162,15 +161,15 @@ public class JwtClaims extends ClaimSet { /** * @return the principal */ - public String getPrincipal() { - return getClaimAsString(PRINCIPAL); + public String getSubject() { + return getClaimAsString(SUBJECT); } /** * @param principal the principal to set */ - public void setPrincipal(String principal) { - setClaim(PRINCIPAL, principal); + public void setSubject(String principal) { + setClaim(SUBJECT, principal); } /** diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java index dfbd3f5e7..a6e384c71 100644 --- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java 
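Review bot: The renamed accessors in the third JwtClaims hunk keep their old documentation and parameter name: `setSubject(String principal)` is documented as `@param principal the principal to set` and `getSubject()` as `@return the principal`, although the claim they read and write is now `sub`. Renaming the parameter to `subject` and changing the Javadoc to `@return the subject ("sub") claim` and `@param subject the subject ("sub") claim to set` keeps the docs aligned with the code. The same staleness appears in the DefaultUserInfo hunk, where the `@see org.mitre.openid.connect.model.UserInfo#setUserId(java.lang.String)` comment above `setSub` now points at a method this commit removes from the interface, and in the UserInfo hunk, where `@return the userId` and `@param sub the userId to set` sit above `getSub`/`setSub`.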
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java @@ -85,7 +85,7 @@ public class ClientDetailsEntity implements ClientDetails { private AppType applicationType; private String clientName; private AuthType tokenEndpointAuthType = AuthType.SECRET_BASIC; - private UserIdType userIdType; + private SubjectType subjectType; private Set contacts; @@ -172,20 +172,20 @@ public class ClientDetailsEntity implements ClientDetails { } } - public enum UserIdType { + public enum SubjectType { PAIRWISE("pairwise"), PUBLIC("public"); private final String value; // map to aid reverse lookup - private static final Map lookup = new HashMap(); + private static final Map lookup = new HashMap(); static { - for (UserIdType u : UserIdType.values()) { + for (SubjectType u : SubjectType.values()) { lookup.put(u.getValue(), u); } } - UserIdType(String value) { + SubjectType(String value) { this.value = value; } @@ -193,7 +193,7 @@ public class ClientDetailsEntity implements ClientDetails { return value; } - public static UserIdType getByValue(String value) { + public static SubjectType getByValue(String value) { return lookup.get(value); } } @@ -547,13 +547,13 @@ public class ClientDetailsEntity implements ClientDetails { } @Enumerated(EnumType.STRING) - @Column(name="user_id_type") - public UserIdType getUserIdType() { - return userIdType; + @Column(name="subject_type") + public SubjectType getSubjectType() { + return subjectType; } - public void setUserIdType(UserIdType userIdType) { - this.userIdType = userIdType; + public void setSubjectType(SubjectType subjectType) { + this.subjectType = subjectType; } @ElementCollection(fetch = FetchType.EAGER) 
@@ -843,7 +843,7 @@ public class ClientDetailsEntity implements ClientDetails { + clientName + ", " : "") + (tokenEndpointAuthType != null ? "tokenEndpointAuthType=" + tokenEndpointAuthType + ", " : "") - + (userIdType != null ? "userIdType=" + userIdType + ", " : "") + + (subjectType != null ? "subjectType=" + subjectType + ", " : "") + (contacts != null ? "contacts=" + contacts + ", " : "") + (logoUrl != null ? "logoUrl=" + logoUrl + ", " : "") + (policyUrl != null ? "policyUrl=" + policyUrl + ", " : "") @@ -983,7 +983,7 @@ public class ClientDetailsEntity implements ClientDetails { + ((tokenEndpointAuthType == null) ? 0 : tokenEndpointAuthType .hashCode()); result = prime * result - + ((userIdType == null) ? 0 : userIdType.hashCode()); + + ((subjectType == null) ? 0 : subjectType.hashCode()); result = prime * result + ((userInfoEncryptedResponseAlg == null) ? 0 @@ -1212,7 +1212,7 @@ public class ClientDetailsEntity implements ClientDetails { if (tokenEndpointAuthType != other.tokenEndpointAuthType) { return false; } - if (userIdType != other.userIdType) { + if (subjectType != other.subjectType) { return false; } if (userInfoEncryptedResponseAlg != other.userInfoEncryptedResponseAlg) { diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/DefaultUserInfo.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/DefaultUserInfo.java index 68a96c444..d33dca040 100644 --- a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/DefaultUserInfo.java +++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/DefaultUserInfo.java @@ -37,7 +37,7 @@ import com.google.gson.JsonObject; }) public class DefaultUserInfo implements UserInfo { - private String userId; + private String sub; private String preferredUsername; private String name; private String givenName; 
@@ -64,16 +64,16 @@ public class DefaultUserInfo implements UserInfo { @Override @Id @GeneratedValue(strategy=GenerationType.IDENTITY) - @Column(name="user_id") - public String getUserId() { - return userId; + @Column(name="sub") + public String getSub() { + return sub; } /* (non-Javadoc) * @see org.mitre.openid.connect.model.UserInfo#setUserId(java.lang.String) */ @Override - public void setUserId(String userId) { - this.userId = userId; + public void setSub(String sub) { + this.sub = sub; } /* (non-Javadoc) * @see org.mitre.openid.connect.model.UserInfo#getPreferredUsername @@ -363,7 +363,7 @@ public class DefaultUserInfo implements UserInfo { public static UserInfo fromJson(JsonObject obj) { DefaultUserInfo ui = new DefaultUserInfo(); - ui.setUserId(obj.has("user_id") ? obj.get("user_id").getAsString() : null); + ui.setSub(obj.has("sub") ? obj.get("sub").getAsString() : null); ui.setName(obj.has("name") ? obj.get("name").getAsString() : null); ui.setPreferredUsername(obj.has("preferred_username") ? obj.get("preferred_username").getAsString() : null); diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/IdTokenClaims.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/IdTokenClaims.java index 6b7488c75..d19030754 100644 --- a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/IdTokenClaims.java +++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/IdTokenClaims.java @@ -37,7 +37,6 @@ import com.google.gson.JsonParser; @Table(name="idtokenclaims") public class IdTokenClaims extends JwtClaims { - public static final String USER_ID = "user_id"; public static final String AUTHENTICATION_CONTEXT_CLASS_REFERENCE = "acr"; public static final String NONCE = "nonce"; public static final String AUTH_TIME = "auth_time"; 
@@ -77,15 +76,6 @@ public class IdTokenClaims extends JwtClaims { this.id = id; } - @Transient - public String getUserId() { - return getClaimAsString(USER_ID); - } - - public void setUserId(String user_id) { - setClaim(USER_ID, user_id); - } - @Transient public String getAuthContext() { return getClaimAsString(AUTHENTICATION_CONTEXT_CLASS_REFERENCE); @@ -150,8 +140,6 @@ public class IdTokenClaims extends JwtClaims { for (Entry element : json.entrySet()) { if (element.getValue().isJsonNull()) { pass.add(element.getKey(), element.getValue()); - } else if (element.getKey().equals(USER_ID)) { - setUserId(element.getValue().getAsString()); } else if (element.getKey().equals(AUTHENTICATION_CONTEXT_CLASS_REFERENCE)) { setAuthContext(element.getValue().getAsString()); } else if (element.getKey().equals(NONCE)) { diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/UserInfo.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/UserInfo.java index ca5a2dca4..6367d3db3 100644 --- a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/UserInfo.java +++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/UserInfo.java @@ -18,13 +18,13 @@ public interface UserInfo { * @return the userId */ @Id - @Column(name="user_id") - public abstract String getUserId(); + @Column(name="sub") + public abstract String getSub(); /** - * @param userId the userId to set + * @param sub the userId to set */ - public abstract void setUserId(String userId); + public abstract void setSub(String sub); /** * @return the preferred username diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/view/TokenIntrospectionView.java b/openid-connect-server/src/main/java/org/mitre/oauth2/view/TokenIntrospectionView.java index b07dab402..2c7b2922c 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/view/TokenIntrospectionView.java 
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/view/TokenIntrospectionView.java @@ -99,7 +99,7 @@ public class TokenIntrospectionView extends AbstractView { token.addProperty("audience", src.getAuthenticationHolder().getAuthentication().getAuthorizationRequest().getClientId()); - token.addProperty("user_id", src.getAuthenticationHolder().getAuthentication().getName()); + token.addProperty("subject", src.getAuthenticationHolder().getAuthentication().getName()); return token; } diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/assertion/JwtBearerClientAssertionTokenEndpointFilter.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/assertion/JwtBearerClientAssertionTokenEndpointFilter.java index 1a881f55d..61759c74b 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/assertion/JwtBearerClientAssertionTokenEndpointFilter.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/assertion/JwtBearerClientAssertionTokenEndpointFilter.java @@ -50,7 +50,7 @@ public class JwtBearerClientAssertionTokenEndpointFilter extends ClientCredentia try { Jwt jwt = Jwt.parse(assertion); - String clientId = jwt.getClaims().getPrincipal(); + String clientId = jwt.getClaims().getSubject(); Authentication authRequest = new JwtBearerAssertionAuthenticationToken(clientId, jwt); diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaUserInfoRepository.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaUserInfoRepository.java index 45953637c..dd2eea515 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaUserInfoRepository.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaUserInfoRepository.java 
@@ -51,14 +51,14 @@ public class JpaUserInfoRepository implements UserInfoRepository { @Override @Transactional public UserInfo save(UserInfo userInfo) { - return saveOrUpdate(userInfo.getUserId(), manager, userInfo); + return saveOrUpdate(userInfo.getSub(), manager, userInfo); } @Override @Transactional public void remove(UserInfo userInfo) { - UserInfo found = manager.find(DefaultUserInfo.class, userInfo.getUserId()); + UserInfo found = manager.find(DefaultUserInfo.class, userInfo.getSub()); if (found != null) { manager.remove(userInfo); diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultUserInfoUserDetailsService.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultUserInfoUserDetailsService.java index 498cc35c0..0ae3be212 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultUserInfoUserDetailsService.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultUserInfoUserDetailsService.java @@ -48,7 +48,7 @@ public class DefaultUserInfoUserDetailsService implements UserDetailsService { } // TODO: this should really be our own UserDetails wrapper class, shouldn't it? - User user = new User(userInfo.getUserId(), password, authorities); + User user = new User(userInfo.getSub(), password, authorities); return user; } else { throw new UsernameNotFoundException("Could not find username: " + username); diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectTokenEnhancer.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectTokenEnhancer.java index 3e40a1934..d4849d6f5 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectTokenEnhancer.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectTokenEnhancer.java 
@@ -109,8 +109,7 @@ public class ConnectTokenEnhancer implements TokenEnhancer { } claims.setIssuer(configBean.getIssuer()); - claims.setUserId(userId); - claims.setPrincipal(userId); // TODO: this is technically redundant + claims.setSubject(userId); claims.setAudience(clientId); idToken.setClaims(claims); diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JSONUserInfoView.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JSONUserInfoView.java index bbcbfaa1c..8b5002a07 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JSONUserInfoView.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JSONUserInfoView.java @@ -90,7 +90,7 @@ public class JSONUserInfoView extends AbstractView { JsonObject obj = new JsonObject(); if (scope.contains("openid")) { - obj.addProperty("user_id", ui.getUserId()); + obj.addProperty("sub", ui.getSub()); } if (scope.contains("profile")) { diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/POCOUserInfoView.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/POCOUserInfoView.java index 9714d9753..ecac45333 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/POCOUserInfoView.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/POCOUserInfoView.java @@ -98,7 +98,7 @@ public class POCOUserInfoView extends AbstractView { JsonObject entry = new JsonObject(); if (scope.contains("openid")) { - entry.addProperty("id", ui.getUserId()); + entry.addProperty("id", ui.getSub()); } if (scope.contains("profile")) { diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientDynamicRegistrationEndpoint.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientDynamicRegistrationEndpoint.java index 44a0cd185..c3a77cbcb 100644 
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientDynamicRegistrationEndpoint.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientDynamicRegistrationEndpoint.java @@ -10,7 +10,7 @@ import org.mitre.oauth2.exception.ClientNotFoundException; import org.mitre.oauth2.model.ClientDetailsEntity; import org.mitre.oauth2.model.ClientDetailsEntity.AppType; import org.mitre.oauth2.model.ClientDetailsEntity.AuthType; -import org.mitre.oauth2.model.ClientDetailsEntity.UserIdType; +import org.mitre.oauth2.model.ClientDetailsEntity.SubjectType; import org.mitre.oauth2.model.OAuth2AccessTokenEntity; import org.mitre.oauth2.service.ClientDetailsEntityService; import org.mitre.oauth2.service.OAuth2TokenEntityService; @@ -95,19 +95,19 @@ public class ClientDynamicRegistrationEndpoint { /* * UserID type */ - binder.registerCustomEditor(UserIdType.class, new PropertyEditorSupport() { + binder.registerCustomEditor(SubjectType.class, new PropertyEditorSupport() { @Override public void setAsText(String text) throws IllegalArgumentException { if (Strings.isNullOrEmpty(text)) { setValue(null); } else { - setValue(UserIdType.getByValue(text)); + setValue(SubjectType.getByValue(text)); } } @Override public String getAsText() { - UserIdType ut = (UserIdType) getValue(); + SubjectType ut = (SubjectType) getValue(); return ut == null ? null : ut.getValue(); } }); 
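Review bot: In the renamed property editor an unrecognised `subject_type` value from a registration request is bound as `null`, because `SubjectType.getByValue(text)` returns `null` for anything other than `pairwise` or `public`, so a typo or an unsupported type is silently recorded as "no subject type" instead of being refused. `setAsText` already declares `throws IllegalArgumentException`, which is the editor's way to reject bad input: `SubjectType t = SubjectType.getByValue(text); if (t == null) { throw new IllegalArgumentException("unknown subject_type: " + text); } setValue(t);`. The comment above the editor still reads `UserID type`; `Subject type` matches the new name. The `subject_type` request parameters in the later hunks of this file presumably go through this same editor, so they would inherit the fix.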
@@ -206,7 +206,7 @@ public class ClientDynamicRegistrationEndpoint { // OPENID CONNECT EXTENSIONS BELOW @RequestParam(value = "application_type", required = false) AppType applicationType, @RequestParam(value = "sector_identifier_url", required = false) String sectorIdentifierUrl, - @RequestParam(value = "user_id_type", required = false) UserIdType userIdType, + @RequestParam(value = "subject_type", required = false) SubjectType subjectType, @RequestParam(value = "require_signed_request_object", required = false) JwsAlgorithm requireSignedRequestObject, // TODO: JWE needs to be handled properly, see @InitBinder above -- we'll ignore these right now /* @@ -248,7 +248,7 @@ public class ClientDynamicRegistrationEndpoint { client.setX509Url(x509Url); client.setX509EncryptionUrl(x509EncryptionUrl); client.setSectorIdentifierUrl(sectorIdentifierUrl); - client.setUserIdType(userIdType); + client.setSubjectType(subjectType); client.setRequireSignedRequestObject(requireSignedRequestObject); client.setDefaultMaxAge(defaultMaxAge); client.setRequireAuthTime(requireAuthTime == null ? false : requireAuthTime.booleanValue()); @@ -369,7 +369,7 @@ public class ClientDynamicRegistrationEndpoint { // OPENID CONNECT EXTENSIONS BELOW @RequestParam(value = "application_type", required = false) AppType applicationType, @RequestParam(value = "sector_identifier_url", required = false) String sectorIdentifierUrl, - @RequestParam(value = "user_id_type", required = false) UserIdType userIdType, + @RequestParam(value = "subject_type", required = false) SubjectType subjectType, @RequestParam(value = "require_signed_request_object", required = false) JwsAlgorithm requireSignedRequestObject, @RequestParam(value = "require_auth_time", required = false, defaultValue = "true") Boolean requireAuthTime, // TODO: JWE needs to be handled properly, see @InitBinder above -- we'll ignore these right now 
@@ -463,8 +463,8 @@ public class ClientDynamicRegistrationEndpoint { if (params.containsKey("sector_identifier_url")) { client.setSectorIdentifierUrl(Strings.emptyToNull(sectorIdentifierUrl)); } - if (params.containsKey("user_id_type")) { - client.setUserIdType(userIdType); + if (params.containsKey("subject_type")) { + client.setSubjectType(subjectType); } if (params.containsKey("require_signed_request_object")) { // TODO: rename field client.setRequireSignedRequestObject(requireSignedRequestObject); diff --git a/openid-connect-server/src/main/java/org/mitre/swd/web/SimpleWebDiscoveryEndpoint.java b/openid-connect-server/src/main/java/org/mitre/swd/web/SimpleWebDiscoveryEndpoint.java index a80960e87..0ff7b459f 100644 --- a/openid-connect-server/src/main/java/org/mitre/swd/web/SimpleWebDiscoveryEndpoint.java +++ b/openid-connect-server/src/main/java/org/mitre/swd/web/SimpleWebDiscoveryEndpoint.java 
@@ -88,7 +88,7 @@ public class SimpleWebDiscoveryEndpoint { scopes_supported array A JSON array containing a list of the OAuth 2.0 [OAuth2.0] scope values that this server supports. The server MUST support the openid scope value. response_types_supported array A JSON array containing a list of the OAuth 2.0 response_type that this server supports. The server MUST support the code, id_token, and the token id_token response_type. acrs_supported array A JSON array containing a list of the Authentication Context Class References that this server supports. - user_id_types_supported array A JSON array containing a list of the user identifier types that this server supports. Valid types include pairwise and public. + subject_types_supported array A JSON array containing a list of the user identifier types that this server supports. Valid types include pairwise and public. userinfo_algs_supported array A JSON array containing a list of the JWS [JWS] and JWE [JWE] signing and encryption algorithms [JWA] supported by the UserInfo Endpoint to encode the JWT [JWT]. id_token_algs_supported array A JSON array containing a list of the JWS and JWE signing and encryption algorithms [JWA] supported by the Authorization Server for the ID Token to encode the JWT [JWT]. request_object_algs_supported array A JSON array containing a list of the JWS and JWE signing and encryption algorithms [JWA] supported by the Authorization Server for the OpenID Request Object described in Section 2.1.2.1 of OpenID Connect Messages [OpenID.Messages] to encode the JWT [JWT]. Servers SHOULD support RS256. diff --git a/openid-connect-server/src/main/resources/db/tables/hsql_database_tables.sql b/openid-connect-server/src/main/resources/db/tables/hsql_database_tables.sql index 0b7d7e924..b967895d1 100644 --- a/openid-connect-server/src/main/resources/db/tables/hsql_database_tables.sql +++ b/openid-connect-server/src/main/resources/db/tables/hsql_database_tables.sql 
@@ -83,7 +83,7 @@ CREATE TABLE IF NOT EXISTS client_details ( application_type VARCHAR(256), client_name VARCHAR(256), token_endpoint_auth_type VARCHAR(256), - user_id_type VARCHAR(256), + subject_type VARCHAR(256), logo_url VARCHAR(2048), policy_url VARCHAR(2048), @@ -162,7 +162,7 @@ CREATE TABLE IF NOT EXISTS token_scope ( CREATE TABLE IF NOT EXISTS user_info ( id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY, - user_id VARCHAR(256), + sub VARCHAR(256), preferred_username VARCHAR(256), name VARCHAR(256), given_name VARCHAR(256), diff --git a/openid-connect-server/src/main/resources/db/tables/loading_temp_tables.sql b/openid-connect-server/src/main/resources/db/tables/loading_temp_tables.sql index 3f2e60cc6..e8b34d9ca 100644 --- a/openid-connect-server/src/main/resources/db/tables/loading_temp_tables.sql +++ b/openid-connect-server/src/main/resources/db/tables/loading_temp_tables.sql @@ -15,7 +15,7 @@ CREATE TEMPORARY TABLE IF NOT EXISTS users_TEMP ( CREATE TEMPORARY TABLE IF NOT EXISTS user_info_TEMP ( id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY, - user_id VARCHAR(256), + sub VARCHAR(256), preferred_username VARCHAR(256), name VARCHAR(256), given_name VARCHAR(256), diff --git a/openid-connect-server/src/main/resources/db/tables/mysql_database_tables.sql b/openid-connect-server/src/main/resources/db/tables/mysql_database_tables.sql index b1da613a8..6b33db1a0 100644 --- a/openid-connect-server/src/main/resources/db/tables/mysql_database_tables.sql +++ b/openid-connect-server/src/main/resources/db/tables/mysql_database_tables.sql @@ -78,7 +78,7 @@ CREATE TABLE client_details ( application_type VARCHAR(256), client_name VARCHAR(256), token_endpoint_auth_type VARCHAR(256), - user_id_type VARCHAR(256), + subject_type VARCHAR(256), logo_url VARCHAR(2048), policy_url VARCHAR(2048), 
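Review bot: The column renames (`user_id_type` to `subject_type` on `client_details`, `user_id` to `sub` on `user_info`) are made only in the CREATE TABLE scripts, so an existing hsql or mysql database keeps the old columns while the entities' `@Column(name="subject_type")` and `@Column(name="sub")` annotations in this commit now expect the new ones, and the loader in the users.sql hunk inserts into `sub`. Unless the project rebuilds its schema on every start (not visible from here), this needs an `ALTER TABLE ... RENAME`-style migration for each database for both tables, or a release note stating that the database must be recreated. The same applies to the loading_temp_tables and mysql hunks on this line and the users.sql hunks on the next.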
@@ -157,7 +157,7 @@ CREATE TABLE token_scope ( CREATE TABLE user_info ( id BIGINT AUTO_INCREMENT PRIMARY KEY, - user_id VARCHAR(256), + sub VARCHAR(256), preferred_username VARCHAR(256), name VARCHAR(256), given_name VARCHAR(256), diff --git a/openid-connect-server/src/main/resources/db/users.sql b/openid-connect-server/src/main/resources/db/users.sql index 81ec7e67e..61891b40b 100644 --- a/openid-connect-server/src/main/resources/db/users.sql +++ b/openid-connect-server/src/main/resources/db/users.sql @@ -25,7 +25,7 @@ INSERT INTO authorities_TEMP (username, authority) VALUES ('srmoore','ROLE_USER'); -- By default, the username column here has to match the username column in the users table, above -INSERT INTO user_info_TEMP (user_id, preferred_username, name, email, email_verified) VALUES +INSERT INTO user_info_TEMP (sub, preferred_username, name, email, email_verified) VALUES ('jricher', 'jricher', 'Justin Richer', 'jricher@mitre.org', false), ('aanganes', 'aanganes', 'Amanda Anganes', 'aanganes@mitre.org', false), ('mfranklin', 'mfranklin', 'Matt Franklin', 'mfranklin@mitre.org', false), @@ -49,10 +49,10 @@ MERGE INTO authorities INSERT (username,authority) values (vals.username, vals.authority); MERGE INTO user_info - USING (SELECT user_id, preferred_username, name, email, email_verified FROM user_info_TEMP) AS vals(user_id, preferred_username, name, email, email_verified) + USING (SELECT sub, preferred_username, name, email, email_verified FROM user_info_TEMP) AS vals(sub, preferred_username, name, email, email_verified) ON vals.preferred_username = user_info.preferred_username WHEN NOT MATCHED THEN - INSERT (user_id, preferred_username, name, email, email_verified) VALUES (vals.user_id, vals.preferred_username, vals.name, vals.email, vals.email_verified); + INSERT (sub, preferred_username, name, email, email_verified) VALUES (vals.sub, vals.preferred_username, vals.name, vals.email, vals.email_verified); --