added 'kid' to all signed tokens, closes #899

openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationFilter.java

@@ -384,7 +384,10 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
 				claimsSet.setIssueTime(now);
 				claimsSet.setNotBeforeTime(now);
 
-				SignedJWT jwt = new SignedJWT(new JWSHeader(alg), claimsSet);
+				JWSHeader header = new JWSHeader(alg, null, null, null, null, null, null, null, null, null,
+						signer.getDefaultSignerKeyId(),
+						null, null);
+				SignedJWT jwt = new SignedJWT(header, claimsSet);
 
 				signer.signJwt(jwt, alg);
 

openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultOIDCTokenService.java

@@ -172,7 +172,10 @@ public class DefaultOIDCTokenService implements OIDCTokenService {
 						|| signingAlg.equals(JWSAlgorithm.HS384)
 						|| signingAlg.equals(JWSAlgorithm.HS512)) {
 
-					idToken = new SignedJWT(new JWSHeader(signingAlg), idClaims);
+					JWSHeader header = new JWSHeader(signingAlg, null, null, null, null, null, null, null, null, null,
+							jwtService.getDefaultSignerKeyId(),
+							null, null);
+					idToken = new SignedJWT(header, idClaims);
 
 					JwtSigningAndValidationService signer = symmetricCacheService.getSymmetricValidtor(client);
 	
@@ -279,7 +282,10 @@ public class DefaultOIDCTokenService implements OIDCTokenService {
 		claims.setJWTID(UUID.randomUUID().toString()); // set a random NONCE in the middle of it
 
 		JWSAlgorithm signingAlg = jwtService.getDefaultSigningAlgorithm();
-		SignedJWT signed = new SignedJWT(new JWSHeader(signingAlg), claims);
+		JWSHeader header = new JWSHeader(signingAlg, null, null, null, null, null, null, null, null, null,
+				jwtService.getDefaultSignerKeyId(),
+				null, null);
+		SignedJWT signed = new SignedJWT(header, claims);
 
 		jwtService.signJwt(signed);
 

openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectTokenEnhancer.java

@@ -97,8 +97,10 @@ public class ConnectTokenEnhancer implements TokenEnhancer {
 		claims.setJWTID(UUID.randomUUID().toString()); // set a random NONCE in the middle of it
 
 		JWSAlgorithm signingAlg = jwtService.getDefaultSigningAlgorithm();
-
-		SignedJWT signed = new SignedJWT(new JWSHeader(signingAlg), claims);
+		JWSHeader header = new JWSHeader(signingAlg, null, null, null, null, null, null, null, null, null,
+				jwtService.getDefaultSignerKeyId(),
+				null, null);
+		SignedJWT signed = new SignedJWT(header, claims);
 
 		jwtService.signJwt(signed);
 

openid-connect-server/src/main/java/org/mitre/openid/connect/view/UserInfoJwtView.java

@@ -126,8 +126,10 @@ public class UserInfoJwtView extends UserInfoView {
 				if (client.getUserInfoSignedResponseAlg() != null) {
 					signingAlg = client.getUserInfoSignedResponseAlg(); // override with the client's preference if available
 				}
-
-				SignedJWT signed = new SignedJWT(new JWSHeader(signingAlg), claims);
+				JWSHeader header = new JWSHeader(signingAlg, null, null, null, null, null, null, null, null, null,
+						jwtService.getDefaultSignerKeyId(),
+						null, null);
+				SignedJWT signed = new SignedJWT(header, claims);
 
 				if (signingAlg.equals(JWSAlgorithm.HS256)
 						|| signingAlg.equals(JWSAlgorithm.HS384)