github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merged to use idToken.setNonce().

pull/59/head
Amanda Anganes 2012-03-23 11:11:38 -04:00
parent 268b82e31d
commit c50f968748
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectAuthCodeTokenGranter.java
View File

@ -29,6 +29,8 @@ import org.springframework.security.oauth2.provider.code.AuthorizationCodeServic
import org.springframework.security.oauth2.provider.code.AuthorizationRequestHolder; import org.springframework.security.oauth2.provider.code.AuthorizationRequestHolder;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import com.google.common.base.Strings;
/** /**
* AccessToken granter for Authorization Code flow. * AccessToken granter for Authorization Code flow.
* *
@ -106,7 +108,6 @@ public class ConnectAuthCodeTokenGranter implements TokenGranter {
String authorizationCode = parameters.get("code"); String authorizationCode = parameters.get("code");
String redirectUri = parameters.get("redirect_uri"); String redirectUri = parameters.get("redirect_uri");
String nonce = parameters.get("nonce");
if (authorizationCode == null) { if (authorizationCode == null) {
throw new OAuth2Exception("An authorization code must be supplied."); throw new OAuth2Exception("An authorization code must be supplied.");
@ -167,18 +168,17 @@ public class ConnectAuthCodeTokenGranter implements TokenGranter {
idToken.getClaims().setAudience(clientId); idToken.getClaims().setAudience(clientId);
idToken.getClaims().setIssuedAt(new Date()); idToken.getClaims().setIssuedAt(new Date());
idToken.getClaims().setIssuer(configBean.getIssuer()); idToken.getClaims().setIssuer(configBean.getIssuer());
if (nonce != null && nonce.length() > 0) {
String nonce = unconfirmedAuthorizationRequest.getParameters().get("nonce");
if (!Strings.isNullOrEmpty(nonce)) {
idToken.getClaims().setNonce(nonce); idToken.getClaims().setNonce(nonce);
} }
// TODO: expiration? other fields? // TODO: expiration? other fields?
idToken.getClaims().setClaim("nonce", unconfirmedAuthorizationRequest.getParameters().get("nonce"));
//Sign //Sign
//TODO: check client to see if they have a preferred alg, attempt to use that //TODO: check client to see if they have a preferred alg, attempt to use that
//TODO: uncomment line below once RsaSigner bean has been set up and added to the configBean
jwtService.signJwt(idToken); jwtService.signJwt(idToken);
token.setIdToken(idToken); token.setIdToken(idToken);