private void addUserClaims(JWTClaimsSet jwtClaimsSet, AuthenticatedUser user) {
    // Copy the customer-id attribute, if the user has one, into the JWT.
    // Only the mapping whose local claim URI equals Constants.CUSTOMER_ID_CLAIM_URI
    // (compared case-insensitively) is used; every other user attribute is ignored
    // here. If several mappings match, the last one iterated wins because
    // setClaim overwrites the previous value.
    // NOTE(review): getUserAttributes() is assumed non-null — confirm against callers.
    for (Map.Entry<ClaimMapping, String> attribute : user.getUserAttributes().entrySet()) {
        Claim localClaim = attribute.getKey().getLocalClaim();
        if (localClaim == null) {
            continue;
        }
        if (!Constants.CUSTOMER_ID_CLAIM_URI.equalsIgnoreCase(localClaim.getClaimUri())) {
            continue;
        }
        jwtClaimsSet.setClaim(Constants.CUSTOMER_ID_CLAIM_URI, attribute.getValue());
    }
}
/**
 * Builds and signs a JWT for the given user.
 *
 * <p>The token carries {@code sub} (user name), {@code email}, {@code roles}, a fixed
 * {@code iss} of {@code wso2.org/products/msf4j} and an {@code exp} 60 minutes after
 * creation, and is signed with RS256 using the private key loaded from the configured
 * key store. No {@code iat}, {@code nbf} or {@code jti} claim is set, so consumers
 * can only bound validity by {@code exp}.
 *
 * @param user the authenticated user whose name, email and roles become claims
 * @return the signed token in compact serialization
 *         ({@code base64url(header).base64url(payload).base64url(signature)})
 * @throws Exception if the private key cannot be loaded or signing fails
 */
protected String generateJWT(User user) throws Exception {
    // RSA signer backed by the key store entry identified by `alias`.
    RSAPrivateKey signingKey = getPrivateKey(keyStore, keyStorePassword, alias);
    JWSSigner rsaSigner = new RSASSASigner(signingKey);

    // Assemble the claims set.
    JWTClaimsSet claims = new JWTClaimsSet();
    claims.setSubject(user.getName());
    claims.setClaim("email", user.getEmail());
    claims.setClaim("roles", user.getRoles());
    claims.setIssuer("wso2.org/products/msf4j");

    // Expiry is measured from the moment the claims are built.
    final long lifetimeMillis = 60 * 60 * 1000; // 60 min
    long nowMillis = new Date().getTime();
    claims.setExpirationTime(new Date(nowMillis + lifetimeMillis));

    // RS256 header; sign() fills in the signature over header.payload.
    SignedJWT jwt = new SignedJWT(new JWSHeader(JWSAlgorithm.RS256), claims);
    jwt.sign(rsaSigner);

    // Compact form, e.g. "eyJhbGciOiJSUzI1NiJ9.<payload>.<signature>".
    return jwt.serialize();
}
attributeValues += userAttributeSeparator + attributeValue; jwtClaimsSet.setClaim(attribute.getName(), attributeValues);
claimsSet.setClaim(Claims.TOKEN_TYPE.getName(), tokenType); claimsSet.setClaim(attributeName, attributeValue); claimsSet.setClaim(Claims.TAG_INTERNAL.getName(), tagInternal); claimsSet.setClaim("roles", request.getAllRoles()); customClaims = customClaims.stream() .filter(v -> !(v.getSource().equals("roles") && (v.getClaimSourceRef() == null || v.getClaimSourceRef().equals("system")))) claimsSet.setClaim("groups", request.getAllGroups()); customClaims = customClaims.stream() .filter(v -> !(v.getSource().equals("groups") && (v.getClaimSourceRef() == null || v.getClaimSourceRef().equals("system")))) claims.forEach(c -> ofNullable(values.get(c.getSource())).ifPresent(v -> claimsSet.setClaim(c.getTarget(), v))); } catch (final RuntimeException re) { LOGGER.warning(re.getMessage(), re);
jwtClaimsSet.setSubject(subject); jwtClaimsSet.setAudience(audience); jwtClaimsSet.setClaim("azp", request.getAuthorizationReqDTO().getConsumerKey()); jwtClaimsSet.setExpirationTime(new Date(curTimeInMillis + lifetimeInMillis)); jwtClaimsSet.setIssueTime(new Date(curTimeInMillis)); if (request.getAuthorizationReqDTO().getAuthTime() != 0) { jwtClaimsSet.setClaim("auth_time", request.getAuthorizationReqDTO().getAuthTime() / 1000); jwtClaimsSet.setClaim("at_hash", atHash); jwtClaimsSet.setClaim("nonce", nonceValue); jwtClaimsSet.setClaim("acr", "urn:mace:incommon:iap:silver");
jwtClaimsSet.setSubject(subject); jwtClaimsSet.setAudience(Arrays.asList(request.getOauth2AccessTokenReqDTO().getClientId())); jwtClaimsSet.setClaim(Constants.AUTHORIZATION_PARTY, request.getOauth2AccessTokenReqDTO().getClientId()); jwtClaimsSet.setExpirationTime(new Date(curTimeInMillis + lifetimeInMillis)); jwtClaimsSet.setIssueTime(new Date(curTimeInMillis));
jwtClaimsSet.setSubject(subject); jwtClaimsSet.setAudience(audience); jwtClaimsSet.setClaim("azp", request.getOauth2AccessTokenReqDTO().getClientId()); jwtClaimsSet.setExpirationTime(new Date(curTimeInMillis + lifetimeInMillis)); jwtClaimsSet.setIssueTime(new Date(curTimeInMillis)); if (authTime != 0) { jwtClaimsSet.setClaim("auth_time", authTime / 1000); jwtClaimsSet.setClaim("at_hash", atHash); jwtClaimsSet.setClaim("nonce", nonceValue); jwtClaimsSet.setClaim("acr", "urn:mace:incommon:iap:silver");
jwtClaimsSet.setSubject(subject); jwtClaimsSet.setAudience(Arrays.asList(request.getAuthorizationReqDTO().getConsumerKey())); jwtClaimsSet.setClaim(Constants.AUTHORIZATION_PARTY, request.getAuthorizationReqDTO().getConsumerKey()); jwtClaimsSet.setExpirationTime(new Date(curTimeInMillis + lifetimeInMillis)); jwtClaimsSet.setIssueTime(new Date(curTimeInMillis));
claimsSet.setIssueTime(new Date(issuedTime)); claimsSet.setExpirationTime(new Date(expireIn)); claimsSet.setClaim(API_GATEWAY_ID+"/subscriber",subscriber); claimsSet.setClaim(API_GATEWAY_ID+"/applicationname",applicationName); claimsSet.setClaim(API_GATEWAY_ID+"/enduser",authzUser); claimsSet.setClaim(claimURI, claimList.toArray(new String[claimList.size()])); } else { claimsSet.setClaim(claimURI, claimVal);