added audience parameter to parser, fixed token generator to match HEART spec

openid-connect-server/src/main/java/org/mitre/openid/connect/request/ConnectOAuth2RequestFactory.java

@@ -17,7 +17,7 @@
 package org.mitre.openid.connect.request;
 
 
-import static org.mitre.openid.connect.request.ConnectRequestParameters.CLAIMS;
+import static org.mitre.openid.connect.request.ConnectRequestParameters.*;
 import static org.mitre.openid.connect.request.ConnectRequestParameters.CLIENT_ID;
 import static org.mitre.openid.connect.request.ConnectRequestParameters.DISPLAY;
 import static org.mitre.openid.connect.request.ConnectRequestParameters.LOGIN_HINT;
@@ -133,6 +133,11 @@ public class ConnectOAuth2RequestFactory extends DefaultOAuth2RequestFactory {
 			request.getExtensions().put(LOGIN_HINT, inputParams.get(LOGIN_HINT));
 		}
 
+		if (inputParams.containsKey(AUD)) {
+			request.getExtensions().put(AUD, inputParams.get(AUD));
+		}
+
+			
 		if (inputParams.containsKey(REQUEST)) {
 			request.getExtensions().put(REQUEST, inputParams.get(REQUEST));
 			processRequestObject(inputParams.get(REQUEST), request);

openid-connect-server/src/main/java/org/mitre/openid/connect/request/ConnectRequestParameters.java

@@ -44,4 +44,7 @@ public interface ConnectRequestParameters {
 	public String ERROR = "error";
 	public String LOGIN_REQUIRED = "login_required";
 	
+	// audience
+	public String AUD = "aud";
+
 }

openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectTokenEnhancer.java

@@ -40,10 +40,12 @@ import org.springframework.security.oauth2.provider.OAuth2Request;
 import org.springframework.security.oauth2.provider.token.TokenEnhancer;
 import org.springframework.stereotype.Service;
 
+import com.google.common.base.Strings;
 import com.google.common.collect.Lists;
 import com.nimbusds.jose.JWSAlgorithm;
 import com.nimbusds.jose.JWSHeader;
 import com.nimbusds.jwt.JWTClaimsSet;
+import com.nimbusds.jwt.JWTClaimsSet.Builder;
 import com.nimbusds.jwt.SignedJWT;
 
 @Service
@@ -88,13 +90,20 @@ public class ConnectTokenEnhancer implements TokenEnhancer {
 		String clientId = originalAuthRequest.getClientId();
 		ClientDetailsEntity client = clientService.loadClientByClientId(clientId);
 
-		JWTClaimsSet claims = new JWTClaimsSet.Builder()
+		Builder builder = new JWTClaimsSet.Builder()
-				.audience(Lists.newArrayList(clientId))
+				.claim("azp", clientId)
 				.issuer(configBean.getIssuer())
 				.issueTime(new Date())
 				.expirationTime(token.getExpiration())
-				.jwtID(UUID.randomUUID().toString()) // set a random NONCE in the middle of it
+				.subject(authentication.getName())
-				.build();
+				.jwtID(UUID.randomUUID().toString()); // set a random NONCE in the middle of it
+		
+		String audience = (String) authentication.getOAuth2Request().getExtensions().get("aud");
+		if (!Strings.isNullOrEmpty(audience)) {
+			builder.audience(Lists.newArrayList(audience));
+		}
+		
+		JWTClaimsSet claims = builder.build();
 
 		JWSAlgorithm signingAlg = jwtService.getDefaultSigningAlgorithm();
 		JWSHeader header = new JWSHeader(signingAlg, null, null, null, null, null, null, null, null, null,
@@ -162,4 +171,5 @@ public class ConnectTokenEnhancer implements TokenEnhancer {
 		this.clientService = clientService;
 	}
 	
+
 }