github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

added key id to id token, closes #725

pull/730/head
Justin Richer 2014-11-12 16:21:47 -10:00
parent d87bdb2120
commit c600787f1c
3 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
openid-connect-common/src/main/java/org/mitre/jwt/signer/service/JwtSigningAndValidationService.java
View File

@ -74,6 +74,8 @@ public interface JwtSigningAndValidationService {
*/ */
public void signJwt(SignedJWT jwt, JWSAlgorithm alg); public void signJwt(SignedJWT jwt, JWSAlgorithm alg);
public String getDefaultSignerKeyId();
/** /**
* TODO: method to sign a jwt using a specified algorithm and a key id * TODO: method to sign a jwt using a specified algorithm and a key id
*/ */

1
openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/DefaultJwtSigningAndValidationService.java
View File

@ -113,6 +113,7 @@ public class DefaultJwtSigningAndValidationService implements JwtSigningAndValid
/** /**
* @return the defaultSignerKeyId * @return the defaultSignerKeyId
*/ */
@Override
public String getDefaultSignerKeyId() { public String getDefaultSignerKeyId() {
return defaultSignerKeyId; return defaultSignerKeyId;
} }

7
openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultOIDCTokenService.java
View File

@ -166,16 +166,21 @@ public class DefaultOIDCTokenService implements OIDCTokenService {
} else { } else {
// signed ID token // signed ID token
idToken = new SignedJWT(new JWSHeader(signingAlg), idClaims);
if (signingAlg.equals(JWSAlgorithm.HS256) if (signingAlg.equals(JWSAlgorithm.HS256)
|| signingAlg.equals(JWSAlgorithm.HS384) || signingAlg.equals(JWSAlgorithm.HS384)
|| signingAlg.equals(JWSAlgorithm.HS512)) { || signingAlg.equals(JWSAlgorithm.HS512)) {
idToken = new SignedJWT(new JWSHeader(signingAlg), idClaims);
JwtSigningAndValidationService signer = symmetricCacheService.getSymmetricValidtor(client); JwtSigningAndValidationService signer = symmetricCacheService.getSymmetricValidtor(client);
// sign it with the client's secret // sign it with the client's secret
signer.signJwt((SignedJWT) idToken); signer.signJwt((SignedJWT) idToken);
} else { } else {
idClaims.setCustomClaim("kid", jwtService.getDefaultSignerKeyId());
idToken = new SignedJWT(new JWSHeader(signingAlg), idClaims);
// sign it with the server's key // sign it with the server's key
jwtService.signJwt((SignedJWT) idToken); jwtService.signJwt((SignedJWT) idToken);