Added setNonce to JwtClaims.

2012-03-23 11:08:49 -04:00 · 2012-03-23 11:08:49 -04:00 · 8b10b83516
parent 02d0471acf
commit 8b10b83516
2 changed files with 22 additions and 4 deletions
--- a/openid-connect-common/src/main/java/org/mitre/jwt/model/JwtClaims.java
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/model/JwtClaims.java
@ -22,6 +22,7 @@ public class JwtClaims extends ClaimSet {
 	public static final String ISSUED_AT = "iat";
 	public static final String NOT_BEFORE = "nbf";
 	public static final String EXPIRATION = "exp";
+	public static final String NONCE = "nonce";

 	/**
 	 * ISO8601 / RFC3339 Date Format
@ -63,7 +64,9 @@ public class JwtClaims extends ClaimSet {
 	        	setJwtId(element.getValue().getAsString());
 	        } else if (element.getKey().equals(TYPE)) {	        	
 	        	setType(element.getValue().getAsString());
-	        } else {
+	        } else if (element.getKey().equals(NONCE)){
+	        	setType(element.getValue().getAsString());
+	        }else {
 	        	pass.add(element.getKey(), element.getValue());
 	        }
        }
@ -184,5 +187,18 @@ public class JwtClaims extends ClaimSet {
    	setClaim(TYPE, type);
    }
    
+    /**
+     * @return the nonce
+     */
+    public String getNonce() {
+    	return getClaimAsString(NONCE);
+    }
+    
+    /**
+     * @param nonce the nonce to set
+     */
+    public void setNonce(String nonce) {
+    	setClaim(NONCE, nonce);
+    }

 }
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectAuthCodeTokenGranter.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectAuthCodeTokenGranter.java
@ -106,6 +106,7 @@ public class ConnectAuthCodeTokenGranter implements TokenGranter {

 		String authorizationCode = parameters.get("code");
 		String redirectUri = parameters.get("redirect_uri");
+		String nonce = parameters.get("nonce");

 		if (authorizationCode == null) {
 			throw new OAuth2Exception("An authorization code must be supplied.");
@ -145,8 +146,6 @@ public class ConnectAuthCodeTokenGranter implements TokenGranter {
 		
 		token.getJwt().getClaims().setAudience(clientId);
 		
-		//TODO: need to get base url, but Utility.findBaseUrl() needs access to a request object, which we don't have
-		//See github issue #1
 		token.getJwt().getClaims().setIssuer(configBean.getIssuer());

 		token.getJwt().getClaims().setIssuedAt(new Date());
@ -168,6 +167,9 @@ public class ConnectAuthCodeTokenGranter implements TokenGranter {
 			idToken.getClaims().setAudience(clientId);
 			idToken.getClaims().setIssuedAt(new Date());
 			idToken.getClaims().setIssuer(configBean.getIssuer());
+			if (nonce != null && nonce.length() > 0) {
+				idToken.getClaims().setNonce(nonce);
+			}
 			// TODO: expiration? other fields?
 			
 			//Sign