added JTI to client auth

pull/924/head
Justin Richer 2015-10-01 18:54:15 -04:00
parent d3f8ff2855
commit 48bc26901a
1 changed files with 2 additions and 0 deletions


@ -23,6 +23,7 @@ import java.security.SecureRandom;
import java.text.ParseException;
import java.util.Date;
import java.util.Map;
import java.util.UUID;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
@ -378,6 +379,7 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
claimsSet.setIssuer(clientConfig.getClientId());
claimsSet.setSubject(clientConfig.getClientId());
claimsSet.setAudience(Lists.newArrayList(serverConfig.getTokenEndpointUri()));
claimsSet.setJWTID(UUID.randomUUID().toString());
// TODO: make this configurable
Date exp = new Date(System.currentTimeMillis() + (60 * 1000)); // auth good for 60 seconds
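Review bot: The new `claimsSet.setJWTID(UUID.randomUUID().toString());` line has no comment saying why the claim is set, while the expiry line just below it is annotated. OpenID Connect Core section 9 lists `jti` as required for JWT-based client authentication, and it only limits replay if the token endpoint remembers identifiers for the assertion's lifetime, so I would add `// jti: unique per assertion so the token endpoint can reject a replay within the exp window (OIDC Core, section 9)`. `UUID.randomUUID()` is documented as drawing from a cryptographically strong generator, so the value is adequately unpredictable, and it is generated inline each time this code runs. The enclosing method starts and ends outside this hunk, so whether the claims set is shared between the symmetric and asymmetric signing paths cannot be confirmed from here.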