Merge pull request #2 from indigo-iam/fix/202

Include additional claims in ID token

openid-connect-client/pom.xml

@@ -22,7 +22,7 @@
 	<parent>
 		<artifactId>openid-connect-parent</artifactId>
 		<groupId>org.mitre</groupId>
-		<version>1.3.2.cnaf.rc0</version>
+		<version>1.3.3.cnaf-SNAPSHOT</version>
 		<relativePath>..</relativePath>
 	</parent>
 	<artifactId>openid-connect-client</artifactId>

openid-connect-common/pom.xml

@@ -22,7 +22,7 @@
 	<parent>
 		<artifactId>openid-connect-parent</artifactId>
 		<groupId>org.mitre</groupId>
-		<version>1.3.2.cnaf.rc0</version>
+		<version>1.3.3.cnaf-SNAPSHOT</version>
 		<relativePath>..</relativePath>
 	</parent>
 	<artifactId>openid-connect-common</artifactId>

openid-connect-common/src/main/java/org/mitre/openid/connect/service/IDTokenClaimsEnhancer.java

@@ -0,0 +1,12 @@
+package org.mitre.openid.connect.service;
+
+import java.util.Date;
+import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
+import org.springframework.security.oauth2.provider.OAuth2Request;
+import com.nimbusds.jwt.JWTClaimsSet;
+
+public interface IDTokenClaimsEnhancer {
+
+  void enhanceIdTokenClaims(JWTClaimsSet.Builder claimsBuilder, OAuth2Request request, Date issueTime,
+      String sub, OAuth2AccessTokenEntity accessToken);
+}

openid-connect-server/pom.xml

@@ -23,7 +23,7 @@
 	<parent>
 		<groupId>org.mitre</groupId>
 		<artifactId>openid-connect-parent</artifactId>
-		<version>1.3.2.cnaf.rc0</version>
+		<version>1.3.3.cnaf-SNAPSHOT</version>
 		<relativePath>..</relativePath>
 	</parent>
 	<build>

openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultIdTokenClaimsEnhancer.java

@@ -0,0 +1,19 @@
+package org.mitre.openid.connect.service.impl;
+
+import java.util.Date;
+import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
+import org.mitre.openid.connect.service.IDTokenClaimsEnhancer;
+import org.springframework.security.oauth2.provider.OAuth2Request;
+import org.springframework.stereotype.Service;
+import com.nimbusds.jwt.JWTClaimsSet;
+
+@Service("defaultIdTokenClaimsEnhancer")
+public class DefaultIdTokenClaimsEnhancer implements IDTokenClaimsEnhancer {
+
+  @Override
+  public void enhanceIdTokenClaims(JWTClaimsSet.Builder claimsBuilder, OAuth2Request request, Date issueTime,
+      String sub, OAuth2AccessTokenEntity accessToken) {
+
+  }
+
+}

openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultOIDCTokenService.java

@@ -36,6 +36,7 @@ import org.mitre.oauth2.service.AuthenticationHolderEntityService;
 import org.mitre.oauth2.service.OAuth2TokenEntityService;
 import org.mitre.oauth2.service.SystemScopeService;
 import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
+import org.mitre.openid.connect.service.IDTokenClaimsEnhancer;
 import org.mitre.openid.connect.service.OIDCTokenService;
 import org.mitre.openid.connect.util.IdTokenHashUtils;
 import org.mitre.openid.connect.web.AuthenticationTimeStamper;
@@ -94,6 +95,9 @@ public class DefaultOIDCTokenService implements OIDCTokenService {
 	@Autowired
 	private OAuth2TokenEntityService tokenService;
 
+	@Autowired
+	private IDTokenClaimsEnhancer idTokenClaimsEnhancer;
+
 	@Override
 	public JWT createIdToken(ClientDetailsEntity client, OAuth2Request request, Date issueTime, String sub, OAuth2AccessTokenEntity accessToken) {
 
@@ -142,6 +146,8 @@ public class DefaultOIDCTokenService implements OIDCTokenService {
 			idClaims.claim("nonce", nonce);
 		}
 
+		idTokenClaimsEnhancer.enhanceIdTokenClaims(idClaims, request, issueTime, sub, accessToken);
+
 		Set<String> responseTypes = request.getResponseTypes();
 
 		if (responseTypes.contains("token")) {

pom.xml

@@ -20,7 +20,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>org.mitre</groupId>
 	<artifactId>openid-connect-parent</artifactId>
-	<version>1.3.2.cnaf.rc0</version>
+	<version>1.3.3.cnaf-SNAPSHOT</version>
 	<name>MITREid Connect</name>
 	<packaging>pom</packaging>
 	<parent>