added JTI to ID tokens, closes #900

9 years ago · 89a728669a
2 changed files with 3 additions and 0 deletions
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/token/JwtAssertionTokenGranter.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/token/JwtAssertionTokenGranter.java
@ -21,6 +21,7 @@ package org.mitre.oauth2.token;
 import java.text.ParseException;
 import java.util.Date;
 import java.util.UUID;
 import org.mitre.jwt.signer.service.JwtSigningAndValidationService;
 import org.mitre.oauth2.model.ClientDetailsEntity;
@ -122,6 +123,7 @@ public class JwtAssertionTokenGranter extends AbstractTokenGranter {
 					}
 					claims.setIssueTime(new Date());
 					claims.setJWTID(UUID.randomUUID().toString()); // set a random NONCE in the middle of it
 					SignedJWT newIdToken = new SignedJWT((JWSHeader) idToken.getHeader(), claims);
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultOIDCTokenService.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultOIDCTokenService.java
@ -123,6 +123,7 @@ public class DefaultOIDCTokenService implements OIDCTokenService {
 		idClaims.setIssuer(configBean.getIssuer());
 		idClaims.setSubject(sub);
 		idClaims.setAudience(Lists.newArrayList(client.getClientId()));
 		idClaims.setJWTID(UUID.randomUUID().toString()); // set a random NONCE in the middle of it
 		String nonce = (String)request.getExtensions().get("nonce");
 		if (!Strings.isNullOrEmpty(nonce)) {