Signing JWT based on the default keyId. Currently, it signs based on the first key which has the desired algorithm.

pull/1612/head
Dmytri Eck 6 months ago
parent d074573de0
commit 7fd5a4a2e3

@ -425,7 +425,10 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
null, null); null, null);
SignedJWT jwt = new SignedJWT(header, claimsSet.build()); SignedJWT jwt = new SignedJWT(header, claimsSet.build());
signer.signJwt(jwt, alg); if (signer.getDefaultSignerKeyId() != null)
signer.signJwt(jwt);
else
signer.signJwt(jwt, alg);
form.add("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"); form.add("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer");
form.add("client_assertion", jwt.serialize()); form.add("client_assertion", jwt.serialize());
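Review bot: The default-key branch signs with whatever key `getDefaultSignerKeyId()` names, without checking that this key's algorithm matches `alg`, which the JWS header built just above the hunk already declares. If the two differ, the client assertion may end up unsigned or with a header that does not match its signature, so the token endpoint should reject it; take this branch only when they agree, e.g. `if (signer.getDefaultSignerKeyId() != null && alg.equals(signer.getDefaultSigningAlgorithm())) {`. The header construction is only partly visible here, so confirm that it also sets `kid` to the default key id, letting the server select the matching verification key. Both arms of the `if`/`else` should be braced. The enclosing method starts and ends outside the hunk.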
