user info endpoint response uses correct client algorithms, addresses #921

pull/948/head
Justin Richer 9 years ago
parent d03bebe5bf
commit b09503aadb

@ -99,8 +99,8 @@ public class UserInfoJwtView extends UserInfoView {
claims.setJWTID(UUID.randomUUID().toString()); // set a random NONCE in the middle of it claims.setJWTID(UUID.randomUUID().toString()); // set a random NONCE in the middle of it
if (client.getIdTokenEncryptedResponseAlg() != null && !client.getIdTokenEncryptedResponseAlg().equals(Algorithm.NONE) if (client.getUserInfoEncryptedResponseAlg() != null && !client.getUserInfoEncryptedResponseAlg().equals(Algorithm.NONE)
&& client.getIdTokenEncryptedResponseEnc() != null && !client.getIdTokenEncryptedResponseEnc().equals(Algorithm.NONE) && client.getUserInfoEncryptedResponseEnc() != null && !client.getUserInfoEncryptedResponseEnc().equals(Algorithm.NONE)
&& !Strings.isNullOrEmpty(client.getJwksUri())) { && !Strings.isNullOrEmpty(client.getJwksUri())) {
// encrypt it to the client's key // encrypt it to the client's key
@ -109,7 +109,7 @@ public class UserInfoJwtView extends UserInfoView {
if (encrypter != null) { if (encrypter != null) {
EncryptedJWT encrypted = new EncryptedJWT(new JWEHeader(client.getIdTokenEncryptedResponseAlg(), client.getIdTokenEncryptedResponseEnc()), claims); EncryptedJWT encrypted = new EncryptedJWT(new JWEHeader(client.getUserInfoEncryptedResponseAlg(), client.getUserInfoEncryptedResponseEnc()), claims);
encrypter.encryptJwt(encrypted); encrypter.encryptJwt(encrypted);

Loading…
Cancel
Save