added 'kid' to all signed tokens, closes #899

openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationFilter.java

@@ -389,7 +389,10 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
 				claimsSet.setIssueTime(now);
 				claimsSet.setNotBeforeTime(now);
 
-				SignedJWT jwt = new SignedJWT(new JWSHeader(alg), claimsSet);
+				JWSHeader header = new JWSHeader(alg, null, null, null, null, null, null, null, null, null,
+						signer.getDefaultSignerKeyId(),
+						null, null);
+				SignedJWT jwt = new SignedJWT(header, claimsSet);
 
 				signer.signJwt(jwt, alg);
 

openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultOIDCTokenService.java

@@ -181,7 +181,10 @@ public class DefaultOIDCTokenService implements OIDCTokenService {
 						|| signingAlg.equals(JWSAlgorithm.HS384)
 						|| signingAlg.equals(JWSAlgorithm.HS512)) {
 
-					idToken = new SignedJWT(new JWSHeader(signingAlg), idClaims);
+					JWSHeader header = new JWSHeader(signingAlg, null, null, null, null, null, null, null, null, null,
+							jwtService.getDefaultSignerKeyId(),
+							null, null);
+					idToken = new SignedJWT(header, idClaims);
 
 					JWTSigningAndValidationService signer = symmetricCacheService.getSymmetricValidtor(client);
 
@@ -288,7 +291,10 @@ public class DefaultOIDCTokenService implements OIDCTokenService {
 		claims.setJWTID(UUID.randomUUID().toString()); // set a random NONCE in the middle of it
 
 		JWSAlgorithm signingAlg = jwtService.getDefaultSigningAlgorithm();
-		SignedJWT signed = new SignedJWT(new JWSHeader(signingAlg), claims);
+		JWSHeader header = new JWSHeader(signingAlg, null, null, null, null, null, null, null, null, null,
+				jwtService.getDefaultSignerKeyId(),
+				null, null);
+		SignedJWT signed = new SignedJWT(header, claims);
 
 		jwtService.signJwt(signed);
 

openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectTokenEnhancer.java

@@ -101,8 +101,10 @@ public class ConnectTokenEnhancer implements TokenEnhancer {
 		claims.setJWTID(UUID.randomUUID().toString()); // set a random NONCE in the middle of it
 
 		JWSAlgorithm signingAlg = jwtService.getDefaultSigningAlgorithm();
-
-		SignedJWT signed = new SignedJWT(new JWSHeader(signingAlg), claims);
+		JWSHeader header = new JWSHeader(signingAlg, null, null, null, null, null, null, null, null, null,
+				jwtService.getDefaultSignerKeyId(),
+				null, null);
+		SignedJWT signed = new SignedJWT(header, claims);
 
 		jwtService.signJwt(signed);
 

openid-connect-server/src/main/java/org/mitre/openid/connect/view/UserInfoJWTView.java

@@ -136,8 +136,10 @@ public class UserInfoJWTView extends UserInfoView {
 				if (client.getUserInfoSignedResponseAlg() != null) {
 					signingAlg = client.getUserInfoSignedResponseAlg(); // override with the client's preference if available
 				}
-
-				SignedJWT signed = new SignedJWT(new JWSHeader(signingAlg), claims);
+				JWSHeader header = new JWSHeader(signingAlg, null, null, null, null, null, null, null, null, null,
+						jwtService.getDefaultSignerKeyId(),
+						null, null);
+				SignedJWT signed = new SignedJWT(header, claims);
 
 				if (signingAlg.equals(JWSAlgorithm.HS256)
 						|| signingAlg.equals(JWSAlgorithm.HS384)

uma-server/src/main/java/org/mitre/uma/service/impl/DefaultUmaTokenService.java

@@ -104,7 +104,10 @@ public class DefaultUmaTokenService implements UmaTokenService {
 
 
 		JWSAlgorithm signingAlgorithm = jwtService.getDefaultSigningAlgorithm();
-		SignedJWT signed = new SignedJWT(new JWSHeader(signingAlgorithm), claims);
+		JWSHeader header = new JWSHeader(signingAlgorithm, null, null, null, null, null, null, null, null, null,
+				jwtService.getDefaultSignerKeyId(),
+				null, null);
+		SignedJWT signed = new SignedJWT(header, claims);
 
 		jwtService.signJwt(signed);