Signing JWT based on the default keyId. Currently, it signs based on the first key which has the desired algorithm.

pull/1612/head
Dmytri Eck 6 months ago
parent d074573de0
commit 7fd5a4a2e3

@ -425,6 +425,9 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
null, null);
SignedJWT jwt = new SignedJWT(header, claimsSet.build());
if (signer.getDefaultSignerKeyId() != null)
signer.signJwt(jwt);
else
signer.signJwt(jwt, alg);
form.add("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer");

Loading…
Cancel
Save