added new call to get the UserInfo in context with the requesting client to allow for pairwise identifiers.

temporary implementation of pairwise identifiers in place

openid-connect-common/src/main/java/org/mitre/openid/connect/service/UserInfoService.java

@@ -53,9 +53,21 @@ public interface UserInfoService {
 
 
 	/**
-	 * Get the UserInfo for the given preferredUsername field
+	 * Get the UserInfo for the given username (usually maps to the
+	 * preferredUsername field).
 	 * @param username
 	 * @return
 	 */
 	public UserInfo getByUsername(String username);
+	
+	/**
+	 * Get the UserInfo for the given username (usually maps to the
+	 * preferredUsername field) and clientId. This allows pairwise
+	 * client identifiers where appropriate. 
+	 * @param username
+	 * @param clientId
+	 * @return
+	 */
+	public UserInfo getByUsernameAndClientId(String username, String clientId);
+
 }

openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultUserInfoService.java

@@ -16,6 +16,8 @@
  ******************************************************************************/
 package org.mitre.openid.connect.service.impl;
 
+import org.mitre.oauth2.model.ClientDetailsEntity;
+import org.mitre.oauth2.service.ClientDetailsEntityService;
 import org.mitre.openid.connect.model.UserInfo;
 import org.mitre.openid.connect.repository.UserInfoRepository;
 import org.mitre.openid.connect.service.UserInfoService;
@@ -35,7 +37,9 @@ public class DefaultUserInfoService implements UserInfoService {
 	@Autowired
 	private UserInfoRepository userInfoRepository;
 	
-
+	@Autowired
+	private ClientDetailsEntityService clientService;
+	
 	@Override
 	public void save(UserInfo userInfo) {
 		userInfoRepository.save(userInfo);
@@ -56,4 +60,23 @@ public class DefaultUserInfoService implements UserInfoService {
 		return userInfoRepository.getByUsername(username);
 	}
 
+    @Override
+    public UserInfo getByUsernameAndClientId(String username, String clientId) {
+    	
+    	ClientDetailsEntity client = clientService.loadClientByClientId(clientId);
+    	
+    	UserInfo userInfo = getByUsername(username);
+    	
+    	if (client == null || userInfo == null) {
+    		return null;
+    	}
+    	
+    	if (client.getSubjectType().equals(ClientDetailsEntity.SubjectType.PAIRWISE)) {
+    		userInfo.setSub(userInfo.getSub() + "@" + clientId);
+    	}
+    	
+    	return userInfo;
+    	
+    }
+
 }

openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectTokenEnhancer.java

@@ -112,7 +112,7 @@ public class ConnectTokenEnhancer implements TokenEnhancer {
 			// TODO: maybe id tokens need a service layer
 
 			String username = authentication.getName();
-			UserInfo userInfo = userInfoService.getByUsername(username);
+			UserInfo userInfo = userInfoService.getByUsernameAndClientId(username, clientId);
 
 			OAuth2AccessTokenEntity idTokenEntity = new OAuth2AccessTokenEntity();
 

openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java

@@ -16,8 +16,6 @@
  ******************************************************************************/
 package org.mitre.openid.connect.web;
 
-import java.security.Principal;
-
 import org.mitre.openid.connect.model.UserInfo;
 import org.mitre.openid.connect.service.UserInfoService;
 import org.slf4j.Logger;
@@ -62,7 +60,7 @@ public class UserInfoEndpoint {
 		}
 
 		String username = auth.getName();
-		UserInfo userInfo = userInfoService.getByUsername(username);
+		UserInfo userInfo = userInfoService.getByUsernameAndClientId(username, auth.getOAuth2Request().getClientId());
 
 		if (userInfo == null) {
 			logger.error("getInfo failed; user not found: " + username);