diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationFilter.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationFilter.java
index 976e2971e..add39dfc3 100644
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationFilter.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationFilter.java
@@ -304,6 +304,7 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
 MultiValueMap form = new LinkedMultiValueMap();
 form.add("grant_type", "authorization_code");
 form.add("code", authorizationCode);
+ form.setAll(authOptions.getTokenOptions(serverConfig, clientConfig, request));
 String redirectUri = getStoredSessionString(session, REDIRECT_URI_SESION_VARIABLE);
 if (redirectUri != null) {
diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/AuthRequestOptionsService.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/AuthRequestOptionsService.java
index 0f83df784..b0bd91ec6 100644
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/AuthRequestOptionsService.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/AuthRequestOptionsService.java
@@ -28,7 +28,8 @@ import org.mitre.openid.connect.config.ServerConfiguration;
 /**
 *
- * This service provides any extra options that need to be passed to the authentication request.
+ * This service provides any extra options that need to be passed to the authentication request,
+ * either through the authorization endpoint (getOptions) or the token endpoint (getTokenOptions).
 * These options may depend on the server configuration, client configuration, or HTTP request.
 *
 * @author jricher
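Review bot: The added `form.setAll(...)` call in OIDCAuthenticationFilter runs after `grant_type` and `code` are placed in the form, and `setAll` replaces any existing value for a key, so a token option named `code` or `grant_type` silently overrides the protocol parameters the filter has just set. A null return from an `AuthRequestOptionsService` implementation also throws a NullPointerException inside `setAll`. Because `getTokenOptions` is handed the `HttpServletRequest`, an implementation could build options from request data, so the filter should keep control of the parameters it owns rather than trust the returned map. I would null-check the map and skip a fixed set of reserved names; `RESERVED_TOKEN_PARAMETERS` below is a proposed new constant and the `Map<String, String>` type is assumed, since the page shows raw types. The enclosing method starts and ends outside the hunk, so the parameters added after this point (the hunk only shows `redirectUri` being read) cannot be checked from here.

```java
// … unchanged: form.add("grant_type", …) and form.add("code", …) …
Map<String, String> tokenOptions = authOptions.getTokenOptions(serverConfig, clientConfig, request);
if (tokenOptions != null) {
	for (Map.Entry<String, String> option : tokenOptions.entrySet()) {
		// extra options must never replace parameters the filter itself controls
		if (!RESERVED_TOKEN_PARAMETERS.contains(option.getKey())) {
			form.set(option.getKey(), option.getValue());
		}
	}
}
// … unchanged: redirect URI handling …
```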
@@ -36,6 +37,24 @@ import org.mitre.openid.connect.config.ServerConfiguration;
 */
 public interface AuthRequestOptionsService {
+ /**
+ * The set of options needed at the authorization endpoint.
+ *
+ * @param server
+ * @param client
+ * @param request
+ * @return
+ */
 public Map getOptions(ServerConfiguration server, RegisteredClient client, HttpServletRequest request);
+
+ /**
+ * The set of options needed at the token endpoint.
+ *
+ * @param server
+ * @param client
+ * @param request
+ * @return
+ */
+ public Map getTokenOptions(ServerConfiguration server, RegisteredClient client, HttpServletRequest request);
 }
diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticAuthRequestOptionsService.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticAuthRequestOptionsService.java
index e0a253ae8..134c67edc 100644
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticAuthRequestOptionsService.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticAuthRequestOptionsService.java
@@ -37,7 +37,8 @@ import org.mitre.openid.connect.config.ServerConfiguration;
 */
 public class StaticAuthRequestOptionsService implements AuthRequestOptionsService {
- private Map options = new HashMap();
+ private Map options = new HashMap<>();
+ private Map tokenOptions = new HashMap<>();
 /* (non-Javadoc)
 * @see org.mitre.openid.connect.client.service.AuthRequestOptionsService#getOptions(org.mitre.openid.connect.config.ServerConfiguration, org.mitre.oauth2.model.RegisteredClient, javax.servlet.http.HttpServletRequest)
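Review bot: The Javadoc added for `getTokenOptions` in AuthRequestOptionsService leaves every `@param` and `@return` tag empty, so an implementer cannot tell whether null is an acceptable return or which token-endpoint parameters are off limits. The only caller visible in this commit passes the result straight to `form.setAll(...)`. I would fill in the tags and state the contract, for example `@return extra token endpoint parameters, never null; must not contain grant_type, code or client credentials`. Adding an abstract method to a public interface also breaks any implementation outside this repository at compile time; if the project's Java level allows it, a `default` method returning `Collections.emptyMap()` would keep those working.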
@@ -47,8 +48,16 @@ public class StaticAuthRequestOptionsService implements AuthRequestOptionsServic
 return options;
 }
+ /* (non-Javadoc)
+ * @see org.mitre.openid.connect.client.service.AuthRequestOptionsService#getTokenOptions(org.mitre.openid.connect.config.ServerConfiguration, org.mitre.oauth2.model.RegisteredClient, javax.servlet.http.HttpServletRequest)
+ */
+ @Override
+ public Map getTokenOptions(ServerConfiguration server, RegisteredClient client, HttpServletRequest request) {
+ return tokenOptions;
+ }
+
 /**
- * @return the options
+ * @return the options object directly
 */
 public Map getOptions() {
 return options;
@@ -61,6 +70,18 @@ public class StaticAuthRequestOptionsService implements AuthRequestOptionsServic
 this.options = options;
 }
+ /**
+ * @return the tokenOptions
+ */
+ public Map getTokenOptions() {
+ return tokenOptions;
+ }
+ /**
+ * @param tokenOptions the tokenOptions to set
+ */
+ public void setTokenOptions(Map tokenOptions) {
+ this.tokenOptions = tokenOptions;
+ }
 }
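Review bot: Both new `getTokenOptions` methods in StaticAuthRequestOptionsService (the interface override in the first hunk and the bean getter in the second) return the `tokenOptions` field itself, so any caller can mutate the map from which every later token request is built. If the service is shared across request threads, which is presumably the case for a configured bean, the plain `HashMap` is also not safe for that. The override could return a read-only view, `return Collections.unmodifiableMap(tokenOptions);`. `setTokenOptions` in the second hunk accepts null, which the override then hands to the filter's unguarded `form.setAll(...)`; a defensive copy with a null fallback closes that, `this.tokenOptions = (tokenOptions != null) ? new HashMap<>(tokenOptions) : new HashMap<>();`. The Javadoc on the getter and setter only restates the field name and could say that these values are sent to the token endpoint on every code exchange.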