From 48bc26901a3e97e6e323ab18a6292790d5a66482 Mon Sep 17 00:00:00 2001
From: Justin Richer
Date: Thu, 1 Oct 2015 18:54:15 -0400
Subject: [PATCH] added JTI to client auth
---
 .../mitre/openid/connect/client/OIDCAuthenticationFilter.java | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationFilter.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationFilter.java
index f9bdcf297..bd039d8d2 100644
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationFilter.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationFilter.java
@@ -23,6 +23,7 @@ import java.security.SecureRandom;
 import java.text.ParseException;
 import java.util.Date;
 import java.util.Map;
+import java.util.UUID;
 
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
@@ -378,6 +379,7 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
 claimsSet.setIssuer(clientConfig.getClientId());
 claimsSet.setSubject(clientConfig.getClientId());
 claimsSet.setAudience(Lists.newArrayList(serverConfig.getTokenEndpointUri()));
+claimsSet.setJWTID(UUID.randomUUID().toString());
 
 // TODO: make this configurable
 Date exp = new Date(System.currentTimeMillis() + (60 * 1000)); // auth good for 60 seconds
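Review bot: The added `claimsSet.setJWTID(...)` line in the second hunk carries no comment saying why the client assertion needs a `jti`, and the claim only protects anything if the token endpoint records the ids it has seen. I would put `// jti: unique per assertion so the token endpoint can reject a replay inside the exp window (OIDC Core section 9)` directly above it. `UUID.randomUUID()` is backed by a cryptographically strong generator, so the value itself is adequate; the replay guarantee still rests on the server remembering used ids for the 60-second lifetime set just below. The enclosing method starts and ends outside the hunk, so whether the assertion is rebuilt on every token request (and so gets a fresh `jti` each time) cannot be confirmed from here.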