added audience parameter to parser, fixed token generator to match HEART spec

pull/1046/head
Justin Richer 2016-03-11 17:12:36 -05:00
parent 49a8848648
commit 9691f02772
3 changed files with 24 additions and 6 deletions


@ -17,7 +17,7 @@
package org.mitre.openid.connect.request;
import static org.mitre.openid.connect.request.ConnectRequestParameters.CLAIMS;
import static org.mitre.openid.connect.request.ConnectRequestParameters.*;
import static org.mitre.openid.connect.request.ConnectRequestParameters.CLIENT_ID;
import static org.mitre.openid.connect.request.ConnectRequestParameters.DISPLAY;
import static org.mitre.openid.connect.request.ConnectRequestParameters.LOGIN_HINT;
@ -133,6 +133,11 @@ public class ConnectOAuth2RequestFactory extends DefaultOAuth2RequestFactory {
request.getExtensions().put(LOGIN_HINT, inputParams.get(LOGIN_HINT));
}
if (inputParams.containsKey(AUD)) {
request.getExtensions().put(AUD, inputParams.get(AUD));
}
if (inputParams.containsKey(REQUEST)) {
request.getExtensions().put(REQUEST, inputParams.get(REQUEST));
processRequestObject(inputParams.get(REQUEST), request);
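Review bot: The value stored at the `inputParams.containsKey(AUD)` branch is copied verbatim from the client's request into the extensions map and is never compared against any audience this server actually issues tokens for; since the token enhancer turns that extension into the `aud` claim of the issued token, the requested audience should be validated against the registered resource servers or a configured allow-list, and an unknown audience rejected as an invalid request, rather than passed through unchecked. The import change swaps the explicit `CLAIMS` import for `ConnectRequestParameters.*` while leaving the other explicit static imports in place, which makes them redundant; either import `AUD` (and `CLAIMS`) explicitly, or remove the remaining single-name imports. The enclosing method starts and continues outside the hunk.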


@ -43,5 +43,8 @@ public interface ConnectRequestParameters {
// responses
public String ERROR = "error";
public String LOGIN_REQUIRED = "login_required";
// audience
public String AUD = "aud";
}


@ -40,10 +40,12 @@ import org.springframework.security.oauth2.provider.OAuth2Request;
import org.springframework.security.oauth2.provider.token.TokenEnhancer;
import org.springframework.stereotype.Service;
import com.google.common.base.Strings;
import com.google.common.collect.Lists;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.JWTClaimsSet.Builder;
import com.nimbusds.jwt.SignedJWT;
@Service
@ -88,13 +90,20 @@ public class ConnectTokenEnhancer implements TokenEnhancer {
String clientId = originalAuthRequest.getClientId();
ClientDetailsEntity client = clientService.loadClientByClientId(clientId);
JWTClaimsSet claims = new JWTClaimsSet.Builder()
.audience(Lists.newArrayList(clientId))
Builder builder = new JWTClaimsSet.Builder()
.claim("azp", clientId)
.issuer(configBean.getIssuer())
.issueTime(new Date())
.expirationTime(token.getExpiration())
.jwtID(UUID.randomUUID().toString()) // set a random NONCE in the middle of it
.build();
.subject(authentication.getName())
.jwtID(UUID.randomUUID().toString()); // set a random NONCE in the middle of it
String audience = (String) authentication.getOAuth2Request().getExtensions().get("aud");
if (!Strings.isNullOrEmpty(audience)) {
builder.audience(Lists.newArrayList(audience));
}
JWTClaimsSet claims = builder.build();
JWSAlgorithm signingAlg = jwtService.getDefaultSigningAlgorithm();
JWSHeader header = new JWSHeader(signingAlg, null, null, null, null, null, null, null, null, null,
@ -161,5 +170,6 @@ public class ConnectTokenEnhancer implements TokenEnhancer {
public void setClientService(ClientDetailsEntityService clientService) {
this.clientService = clientService;
}
}
}
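Review bot: The audience set at `builder.audience(Lists.newArrayList(audience))` is taken directly from the client-supplied `aud` request parameter with no check that it names a resource the server issues tokens for, and when the parameter is absent the token now carries no `aud` claim at all where it previously carried the client id; the enhancer (or the request factory) should validate the requested audience against a configured set, and the behaviour for a missing audience should be an explicit decision rather than a silently empty claim, since resource servers that require `aud` will reject such tokens. The lookup uses the literal `"aud"` even though this commit adds `ConnectRequestParameters.AUD` for that key, and it goes through `authentication.getOAuth2Request()` although `originalAuthRequest` is already in scope a few lines above; `String audience = (String) originalAuthRequest.getExtensions().get(ConnectRequestParameters.AUD);` keeps the two files in sync. The `(String)` cast presumably holds when the extension is populated only by the request factory, but an `instanceof String` check would avoid a ClassCastException if another caller stores a different type there. The enhancer method is cut off after the `JWSHeader` line, so the rest of its body is not visible here.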