github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Parse 'sub' to identify resource owner 

As per https://tools.ietf.org/html/rfc7662#section-2.2 the `sub` key should
identify the resource owner in oauth2 introspection responses. 

This change adds support for the `sub` key and will allow the introspection 
response of RFC-compliant servers to be parsed.

Will still try `user_id` first as to not break backward compatibility.
pull/1320/head
Bas Verhoeven 2017-11-13 16:46:52 +01:00 committed by GitHub
parent ce9bf3507f
commit 85246d2d3e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/IntrospectingTokenService.java
View File

@ -244,7 +244,10 @@ public class IntrospectingTokenService implements ResourceServerTokenServices {
private Authentication createUserAuthentication(JsonObject token) { private Authentication createUserAuthentication(JsonObject token) {
JsonElement userId = token.get("user_id"); JsonElement userId = token.get("user_id");
if(userId == null) { if(userId == null) {
return null; userId = token.get("sub");
if (userId == null) {
return null;
}
} }
return new PreAuthenticatedAuthenticationToken(userId.getAsString(), token, introspectionAuthorityGranter.getAuthorities(token)); return new PreAuthenticatedAuthenticationToken(userId.getAsString(), token, introspectionAuthorityGranter.getAuthorities(token));