From 54708fb0ac9c48293bc5621210811e095b26d01b Mon Sep 17 00:00:00 2001
From: Justin Richer
Date: Mon, 10 Dec 2012 10:11:02 -0500
Subject: [PATCH] fixed id token scopes (shouldn't inherit from parent token)

---
 .../mitre/openid/connect/token/ConnectTokenEnhancer.java | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectTokenEnhancer.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectTokenEnhancer.java
index ca114bac4..21d7ae363 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectTokenEnhancer.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectTokenEnhancer.java
@@ -37,6 +37,7 @@ import org.springframework.security.oauth2.provider.token.TokenEnhancer;
 import org.springframework.stereotype.Service;
 
 import com.google.common.base.Strings;
+import com.google.common.collect.Sets;
 
 @Service
 public class ConnectTokenEnhancer implements TokenEnhancer {
@@ -132,9 +133,9 @@ public class ConnectTokenEnhancer implements TokenEnhancer {
 		// TODO: might want to create a specialty authentication object here instead of copying
 		idTokenEntity.setAuthenticationHolder(token.getAuthenticationHolder());
 
-		// copy in the scopes from the parent token and add "id-token" to the list
-		Set idScopes = new HashSet(token.getScope());
-		idScopes.add(OAuth2AccessTokenEntity.ID_TOKEN_SCOPE);
+		// create a scope set with just the special "id-token" scope
+		//Set idScopes = new HashSet(token.getScope()); // this would copy the original token's scopes in, we don't really want that
+		Set idScopes = Sets.newHashSet(OAuth2AccessTokenEntity.ID_TOKEN_SCOPE);
 		idTokenEntity.setScope(idScopes);
 
 		idTokenEntity.setClient(token.getClient());
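Review bot: The new `Set idScopes = Sets.newHashSet(OAuth2AccessTokenEntity.ID_TOKEN_SCOPE);` line in the second hunk keeps the raw `Set` type the removed lines had, so the scope set passed to `idTokenEntity.setScope` is unchecked; declare it as `Set<String> idScopes = Sets.newHashSet(OAuth2AccessTokenEntity.ID_TOKEN_SCOPE);` so the compiler enforces the element type. The commented-out `//Set idScopes = new HashSet(token.getScope()); ...` line is dead code and should be dropped; the reason it matters belongs in the live comment instead, e.g. `// the ID token carries only the "id-token" scope; the parent access token's scopes must not leak into it`. Since the parent scopes are no longer copied here, the `HashSet` import may now be unused if nothing else in the file references it — worth checking, as the import block is outside this hunk. The enclosing method starts and ends outside the hunk, and the `TODO` about sharing the parent's `AuthenticationHolder` is unchanged by this commit.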