From ca777f7dc4cc804b089e8a2059c73b3791940eeb Mon Sep 17 00:00:00 2001
From: Justin Richer <jricher@mitre.org>
Date: Tue, 20 Aug 2013 16:45:26 -0400
Subject: [PATCH] proper null check for client's preferred signature method

---
 .../mitre/openid/connect/token/ConnectTokenEnhancer.java | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectTokenEnhancer.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectTokenEnhancer.java
index 410915ac5..d66251bab 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectTokenEnhancer.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectTokenEnhancer.java
@@ -89,12 +89,9 @@ public class ConnectTokenEnhancer implements TokenEnhancer {
 
 		claims.setJWTID(UUID.randomUUID().toString()); // set a random NONCE in the middle of it
 
-		JWSAlgorithm signingAlg; 
-		JWSAlgorithm clientAlg = client.getIdTokenSignedResponseAlg().getAlgorithm();
-		if (clientAlg != null) {
-			signingAlg = clientAlg;
-		} else {
-			signingAlg = jwtService.getDefaultSigningAlgorithm();
+		JWSAlgorithm signingAlg = jwtService.getDefaultSigningAlgorithm();
+		if (client.getIdTokenSignedResponseAlg() != null) {
+			signingAlg = client.getIdTokenSignedResponseAlg().getAlgorithm();
 		}
 		
 		SignedJWT signed = new SignedJWT(new JWSHeader(signingAlg), claims);