more updates to track nimbus-jose-jwt classes and use them properly

2013-02-21 16:22:30 -05:00 · 2013-02-21 16:22:30 -05:00 · 4d725b88dd
parent 9a98d241e8
commit 4d725b88dd
3 changed files with 62 additions and 74 deletions
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/token/JwtAssertionTokenGranter.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/token/JwtAssertionTokenGranter.java
@ -72,15 +72,10 @@ public class JwtAssertionTokenGranter extends AbstractTokenGranter {

 		    // it's an ID token, process it accordingly
 	    	
-	    	// TODO: make this use the idtoken class
-	    	JWT idToken;
 	    	try {
-	            idToken = JWTParser.parse(incomingTokenValue);
-            } catch (ParseException e1) {
-	            // TODO Auto-generated catch block
-	            e1.printStackTrace();
-	            return null;
-            }
+	    	
+		    	// TODO: make this use a more specific idtoken class
+		    	JWT idToken = JWTParser.parse(incomingTokenValue);
 		    	
 		    	OAuth2AccessTokenEntity accessToken = tokenServices.getAccessTokenForIdToken(incomingToken);
 		    	
@ -90,15 +85,8 @@ public class JwtAssertionTokenGranter extends AbstractTokenGranter {
 		    		
 		    		OAuth2AccessTokenEntity newIdTokenEntity = new OAuth2AccessTokenEntity();
 		    		
-	    		// FIXME: we shouldn't have to roundtrip this through JSON to get it to copy all existing claims
-	    		JWTClaimsSet claims;
-                try {
-	                claims = JWTClaimsSet.parse(idToken.getJWTClaimsSet().toJSONObject());
-                } catch (ParseException e1) {
-	                // TODO Auto-generated catch block
-	                e1.printStackTrace();
-	                return null;
-                }
+		    		// copy over all existing claims
+		    		JWTClaimsSet claims = new JWTClaimsSet(idToken.getJWTClaimsSet());
 	
 		    		// update expiration and issued-at claims
 					if (client.getIdTokenValiditySeconds() != null) {
@ -134,9 +122,14 @@ public class JwtAssertionTokenGranter extends AbstractTokenGranter {
 					return newIdTokenEntity;
 		    		
 		    	}
+	    	} catch (ParseException e) {
+	    		logger.warn("Couldn't parse id token", e);
+	    	}
 	    	
 	    }
 	    
+	    // if we got down here, we didn't actually create any tokens, so return null
+	    
 	    return null;

 	    /*
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/ConnectAuthorizationRequestManager.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/ConnectAuthorizationRequestManager.java
@ -33,6 +33,7 @@ import org.springframework.stereotype.Component;

 import com.google.common.base.Strings;
 import com.nimbusds.jose.JWSObject;
+import com.nimbusds.jose.util.JSONObjectUtils;

@Component("authorizationRequestManager")
 public class ConnectAuthorizationRequestManager implements AuthorizationRequestManager, InitializingBean {
@ -172,52 +173,51 @@ public class ConnectAuthorizationRequestManager implements AuthorizationRequestM
 			 * 		we don't care
 			 */
 			
-			// FIXME: all of these are doing raw JSON parsing and don't guarantee good behavior vis a vis strings
-			String responseTypes = (String) claims.get("response_type");
+			String responseTypes = JSONObjectUtils.getString(claims, "response_type");
 			if (responseTypes != null) {
 				parameters.put("response_type", responseTypes);
 			}
 			
-			String clientId = (String) claims.get("client_id");
+			String clientId = JSONObjectUtils.getString(claims, "client_id");
 			if (clientId != null) {
 				parameters.put("client_id", clientId);
 			}
 			
 			if (claims.get("redirect_uri") != null) {
 				if (inputParams.containsKey("redirect_uri") == false) {
-					parameters.put("redirect_uri", (String) claims.get("redirect_uri"));
+					parameters.put("redirect_uri", JSONObjectUtils.getString(claims, "redirect_uri"));
 				}
 			}
 			
-			String state = (String) claims.get("state");
+			String state = JSONObjectUtils.getString(claims, "state");
 			if(state != null) {
 				if (inputParams.containsKey("state") == false) {
 					parameters.put("state", state);
 				}
 			}
 			
-			String nonce = (String) claims.get("nonce");
+			String nonce = JSONObjectUtils.getString(claims, "nonce");
 			if(nonce != null) {
 				if (inputParams.containsKey("nonce") == false) {
 					parameters.put("nonce", nonce);
 				}
 			}
 			
-			String display = (String) claims.get("display");
+			String display = JSONObjectUtils.getString(claims, "display");
 			if (display != null) {
 				if (inputParams.containsKey("display") == false) {
 					parameters.put("display", display);
 				}
 			}
 			
-			String prompt = (String) claims.get("prompt");
+			String prompt = JSONObjectUtils.getString(claims, "prompt");
 			if (prompt != null) {
 				if (inputParams.containsKey("prompt") == false) {
 					parameters.put("prompt", prompt);
 				}
 			}
 			
-			String scope = (String) claims.get("scope");
+			String scope = JSONObjectUtils.getString(claims, "scope");
 			if (scope != null) {
 				if (inputParams.containsKey("scope") == false) {
 					parameters.put("scope", scope);
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JSONUserInfoView.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JSONUserInfoView.java
@ -126,11 +126,6 @@ public class JSONUserInfoView extends AbstractView {
 		
 		JsonObject obj = new JsonObject();
 		
-		//The "sub" claim must always be returned from this endpoint
-		obj.addProperty("sub", ui.getSub());
-		
-		//TODO: I think the following should be removed. "sub" replaces "user_id", and according
-		//to the spec it must ALWAYS be returned from this endpoint. 
 		if (scope.contains("openid")) {
 			obj.addProperty("sub", ui.getSub());
 		}