diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/UserInfoView.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/UserInfoView.java
index df23f52fb..6768d3835 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/UserInfoView.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/UserInfoView.java
@@ -36,6 +36,7 @@ import org.springframework.validation.BeanPropertyBindingResult;
 import org.springframework.web.servlet.view.AbstractView;
 import com.google.common.base.CaseFormat;
+import com.google.common.base.Strings;
 import com.google.gson.ExclusionStrategy;
 import com.google.gson.FieldAttributes;
 import com.google.gson.Gson;
@@ -64,6 +65,21 @@ public class UserInfoView extends AbstractView {
 UserInfo userInfo = (UserInfo) model.get("userInfo");
 Set scope = (Set) model.get("scope");
+
+ String claimsRequestJsonString = (String) model.get("claimsRequest");
+
+ // getting the 'claims request parameter' from the model
+ JsonObject claimsRequest = null;
+ if (!Strings.isNullOrEmpty(claimsRequestJsonString)) {
+ JsonElement parsed = jsonParser.parse(claimsRequestJsonString);
+ if (parsed.isJsonObject()) {
+ claimsRequest = parsed.getAsJsonObject();
+ } else {
+ // claimsRequest stays null
+ logger.warn("Claims parameter not a valid JSON object: " + claimsRequestJsonString);
+ }
+ }
+
 Gson gson = new GsonBuilder()
 .setExclusionStrategies(new ExclusionStrategy() {
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java
index 125680e56..816b5d031 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java
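Review bot: `jsonParser.parse(claimsRequestJsonString)` has no handler for malformed input, so a `claims` value that is not well-formed JSON throws Gson's `JsonParseException` out of the view, whereas the visible `else` branch deliberately tolerates the not-an-object case by leaving `claimsRequest` null. The string is client-supplied (it is the `claims` request parameter forwarded by UserInfoEndpoint in this same commit), so the parse should fail closed in the same way, and the warn message should not concatenate the raw value, which lets a client put arbitrary text and line breaks into the log. The enclosing method starts before the hunk and continues after it, and `claimsRequest` is not used in the visible lines, so what a null value means downstream is not visible here. The rewrite below needs `com.google.gson.JsonParseException` imported in this file.

```java
		// getting the 'claims request parameter' from the model
		JsonObject claimsRequest = null;
		if (!Strings.isNullOrEmpty(claimsRequestJsonString)) {
			try {
				JsonElement parsed = jsonParser.parse(claimsRequestJsonString);
				if (parsed.isJsonObject()) {
					claimsRequest = parsed.getAsJsonObject();
				} else {
					// claimsRequest stays null; do not echo the client-supplied value into the log
					logger.warn("Claims parameter is not a JSON object; ignoring it");
				}
			} catch (JsonParseException e) {
				// malformed JSON in a client-supplied parameter: ignore the claims request rather than fail the response
				logger.warn("Claims parameter could not be parsed as JSON; ignoring it", e);
			}
		}
		// … unchanged: Gson builder and the rest of the method …
```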
@@ -30,6 +30,9 @@ import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
+
+import com.google.common.base.Strings;
 /**
 * OpenID Connect UserInfo endpoint, as specified in Standard sec 5 and Messages sec 2.4.
@@ -50,7 +53,7 @@ public class UserInfoEndpoint {
 */
 @PreAuthorize("hasRole('ROLE_USER') and #oauth2.hasScope('openid')")
 @RequestMapping(value="/userinfo", method= {RequestMethod.GET, RequestMethod.POST}, produces = "application/json")
- public String getInfo(Principal p, Model model) {
+ public String getInfo(@RequestParam(value="claims", required=false) String claimsRequestJsonString, Principal p, Model model) {
 if (p == null) {
 logger.error("getInfo failed; no principal. Requester is not authorized.");
@@ -66,6 +69,10 @@ public class UserInfoEndpoint {
 model.addAttribute("code", HttpStatus.NOT_FOUND);
 return "httpCodeView";
 }
+
+ if (!Strings.isNullOrEmpty(claimsRequestJsonString)) {
+ model.addAttribute("claimsRequest", claimsRequestJsonString);
+ }
 if (p instanceof OAuth2Authentication) {
 OAuth2Authentication authentication = (OAuth2Authentication)p;
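Review bot: The new `claimsRequestJsonString` parameter is not described in `getInfo`'s Javadoc, whose closing ` */` is the first context line of the hunk, so the comment block itself lies outside the hunk. Since the value is a raw request parameter that this method only forwards, a line such as `@param claimsRequestJsonString optional {@code claims} request parameter, forwarded to the view as raw JSON text without validation` would record what the controller does and does not guarantee about it. The parameter is bound with `required=false` on a mapping that accepts both GET and POST, so it can arrive in the query string as well as a form body; that is worth stating in the same place.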
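Review bot: The `claims` string is put into the model without being checked for well-formed JSON, so a malformed value can only be detected inside the view, after the controller has already committed to rendering and can no longer return an error status. The method already rejects a bad state a few lines earlier with `model.addAttribute("code", HttpStatus.NOT_FOUND); return "httpCodeView";`, and the same pattern with `HttpStatus.BAD_REQUEST` would keep invalid input out of the view entirely. The `Strings.isNullOrEmpty` guard also duplicates the one the view applies to the same attribute in this commit; harmless, but one of the two is redundant. The rewrite below needs Gson's `JsonParser` and `JsonParseException` imported in this file, which currently imports neither.

```java
		if (!Strings.isNullOrEmpty(claimsRequestJsonString)) {
			// reject a malformed claims parameter here, where an HTTP status can still be returned
			boolean wellFormed;
			try {
				wellFormed = new JsonParser().parse(claimsRequestJsonString).isJsonObject();
			} catch (JsonParseException e) {
				wellFormed = false;
			}
			if (!wellFormed) {
				logger.warn("Rejecting claims parameter that is not a JSON object");
				model.addAttribute("code", HttpStatus.BAD_REQUEST);
				return "httpCodeView";
			}
			model.addAttribute("claimsRequest", claimsRequestJsonString);
		}
		// … unchanged: OAuth2Authentication handling …
```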