parsing "claims" parameter directly from userinfoendpoint requests.

11 years ago · 7b813c79ee
parent 1ffbb39a2b
commit 7b813c79ee
2 changed files with 24 additions and 1 deletions
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/UserInfoView.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/UserInfoView.java
@ -36,6 +36,7 @@ import org.springframework.validation.BeanPropertyBindingResult;
 import org.springframework.web.servlet.view.AbstractView;

 import com.google.common.base.CaseFormat;
+import com.google.common.base.Strings;
 import com.google.gson.ExclusionStrategy;
 import com.google.gson.FieldAttributes;
 import com.google.gson.Gson;
@ -64,6 +65,21 @@ public class UserInfoView extends AbstractView {
 		UserInfo userInfo = (UserInfo) model.get("userInfo");

 		Set<String> scope = (Set<String>) model.get("scope");
+		
+		String claimsRequestJsonString = (String) model.get("claimsRequest");
+		
+		// getting the 'claims request parameter' from the model
+		JsonObject claimsRequest = null;
+		if (!Strings.isNullOrEmpty(claimsRequestJsonString)) {
+			JsonElement parsed = jsonParser.parse(claimsRequestJsonString);
+			if (parsed.isJsonObject()) {
+				claimsRequest = parsed.getAsJsonObject();
+			} else {
+				// claimsRequest stays null
+				logger.warn("Claims parameter not a valid JSON object: " + claimsRequestJsonString);
+			}
+		}
+		

 		Gson gson = new GsonBuilder()
 		.setExclusionStrategies(new ExclusionStrategy() {
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java
@ -30,6 +30,9 @@ import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
+
+import com.google.common.base.Strings;

 /**
 * OpenID Connect UserInfo endpoint, as specified in Standard sec 5 and Messages sec 2.4.
@ -50,7 +53,7 @@ public class UserInfoEndpoint {
 	 */
 	@PreAuthorize("hasRole('ROLE_USER') and #oauth2.hasScope('openid')")
 	@RequestMapping(value="/userinfo", method= {RequestMethod.GET, RequestMethod.POST}, produces = "application/json")
-	public String getInfo(Principal p, Model model) {
+	public String getInfo(@RequestParam(value="claims", required=false) String claimsRequestJsonString, Principal p, Model model) {

 		if (p == null) {
 			logger.error("getInfo failed; no principal. Requester is not authorized.");
@ -66,6 +69,10 @@ public class UserInfoEndpoint {
 			model.addAttribute("code", HttpStatus.NOT_FOUND);
 			return "httpCodeView";
 		}
+		
+		if (!Strings.isNullOrEmpty(claimsRequestJsonString)) {
+			model.addAttribute("claimsRequest", claimsRequestJsonString);
+		}

 		if (p instanceof OAuth2Authentication) {
 			OAuth2Authentication authentication = (OAuth2Authentication)p;