/**
 * Adds an {@code id_token} parameter to the client access token when the approved
 * scope includes the OpenID Connect scope.
 *
 * <p>The method returns without touching {@code ct} when the server token carries the
 * {@code OidcUtils.CODE_AT_RESPONSE_TYPE} response type together with the implicit
 * grant, when the approved scope is missing or lacks {@code OidcUtils.OPENID_SCOPE},
 * or when {@code getProcessedIdToken} yields {@code null}.
 *
 * @param ct the client access token whose parameters may receive the id_token
 * @param st the server access token the id_token is produced from
 */
@Override
public void process(ClientAccessToken ct, ServerAccessToken st) {
    // Token post-processing as part of the current hybrid (implicit) flow: no id_token is
    // returned now. When the code gets exchanged later on, this filter will add the
    // id_token to the returned access token.
    boolean hybridCodeTokenResponse = st.getResponseType() != null
        && OidcUtils.CODE_AT_RESPONSE_TYPE.equals(st.getResponseType())
        && OAuthConstants.IMPLICIT_GRANT.equals(st.getGrantType());
    if (hybridCodeTokenResponse) {
        return;
    }

    // Only add an IdToken if the client has the "openid" scope.
    // NOTE(review): if getApprovedScope() returns the space-delimited scope string rather
    // than a collection, contains() is a substring match and would also accept a scope
    // value that merely embeds the openid scope text - confirm the return type.
    boolean openIdScopeApproved = ct.getApprovedScope() != null
        && ct.getApprovedScope().contains(OidcUtils.OPENID_SCOPE);
    if (!openIdScopeApproved) {
        return;
    }

    String idToken = getProcessedIdToken(st);
    if (idToken == null) {
        return;
    }
    ct.getParameters().put(OidcUtils.ID_TOKEN, idToken);
}

private String getProcessedIdToken(ServerAccessToken st) {
/**
 * Adds an {@code id_token} parameter to the client access token when the approved
 * scope includes the OpenID Connect scope.
 *
 * <p>The method returns without touching {@code ct} when the server token carries the
 * {@code OidcUtils.CODE_AT_RESPONSE_TYPE} response type together with the implicit
 * grant, when the approved scope is missing or lacks {@code OidcUtils.OPENID_SCOPE},
 * or when {@code getProcessedIdToken} yields {@code null}.
 *
 * @param ct the client access token whose parameters may receive the id_token
 * @param st the server access token the id_token is produced from
 */
@Override
public void process(ClientAccessToken ct, ServerAccessToken st) {
    // Token post-processing as part of the current hybrid (implicit) flow: no id_token is
    // returned now. When the code gets exchanged later on, this filter will add the
    // id_token to the returned access token.
    boolean hybridCodeTokenResponse = st.getResponseType() != null
        && OidcUtils.CODE_AT_RESPONSE_TYPE.equals(st.getResponseType())
        && OAuthConstants.IMPLICIT_GRANT.equals(st.getGrantType());
    if (hybridCodeTokenResponse) {
        return;
    }

    // Only add an IdToken if the client has the "openid" scope.
    // NOTE(review): if getApprovedScope() returns the space-delimited scope string rather
    // than a collection, contains() is a substring match and would also accept a scope
    // value that merely embeds the openid scope text - confirm the return type.
    boolean openIdScopeApproved = ct.getApprovedScope() != null
        && ct.getApprovedScope().contains(OidcUtils.OPENID_SCOPE);
    if (!openIdScopeApproved) {
        return;
    }

    String idToken = getProcessedIdToken(st);
    if (idToken == null) {
        return;
    }
    ct.getParameters().put(OidcUtils.ID_TOKEN, idToken);
}

private String getProcessedIdToken(ServerAccessToken st) {
/**
 * Copy constructor: creates a token that takes its state from {@code token} but uses
 * the supplied {@code key}.
 *
 * <p>The token type, expiry, issue time, refresh token and parameters of the source are
 * handed to the superclass constructor unchanged, so this constructor itself does not
 * assign a new lifetime. All remaining fields are assigned from the source's getters.
 *
 * <p>NOTE(review): every value is stored exactly as the getter returns it. If
 * {@code getScopes()}, {@code getAudiences()} or {@code getParameters()} return the live
 * collections rather than copies, the new token and the source share them and a change
 * made through one is visible through the other - confirm, or copy defensively.
 *
 * @param token the token whose state is copied
 * @param key the token key passed to the superclass constructor
 */
protected ServerAccessToken(ServerAccessToken token, String key) {
    super(token.getTokenType(),
          key,
          token.getExpiresIn(),
          token.getIssuedAt(),
          token.getRefreshToken(),
          token.getParameters());

    // Client and subject.
    this.client = token.getClient();
    this.subject = token.getSubject();

    // Grant details.
    this.grantType = token.getGrantType();
    this.responseType = token.getResponseType();
    this.grantCode = token.getGrantCode();

    // Scopes and audiences.
    this.scopes = token.getScopes();
    this.audiences = token.getAudiences();

    // Code verifier and nonce are carried over as-is; presumably these are the PKCE
    // verifier and the OIDC nonce, so the copy is as sensitive as the source - TODO confirm.
    this.clientCodeVerifier = token.getClientCodeVerifier();
    this.nonce = token.getNonce();
}
/**
 * Copy constructor: creates a token that takes its state from {@code token} but uses
 * the supplied {@code key}.
 *
 * <p>The token type, expiry, issue time, refresh token and parameters of the source are
 * handed to the superclass constructor unchanged, so this constructor itself does not
 * assign a new lifetime. All remaining fields are assigned from the source's getters.
 *
 * <p>NOTE(review): every value is stored exactly as the getter returns it. If
 * {@code getScopes()}, {@code getAudiences()} or {@code getParameters()} return the live
 * collections rather than copies, the new token and the source share them and a change
 * made through one is visible through the other - confirm, or copy defensively.
 *
 * @param token the token whose state is copied
 * @param key the token key passed to the superclass constructor
 */
protected ServerAccessToken(ServerAccessToken token, String key) {
    super(token.getTokenType(),
          key,
          token.getExpiresIn(),
          token.getIssuedAt(),
          token.getRefreshToken(),
          token.getParameters());

    // Client and subject.
    this.client = token.getClient();
    this.subject = token.getSubject();

    // Grant details.
    this.grantType = token.getGrantType();
    this.responseType = token.getResponseType();
    this.grantCode = token.getGrantCode();

    // Scopes and audiences.
    this.scopes = token.getScopes();
    this.audiences = token.getAudiences();

    // Code verifier and nonce are carried over as-is; presumably these are the PKCE
    // verifier and the OIDC nonce, so the copy is as sensitive as the source - TODO confirm.
    this.clientCodeVerifier = token.getClientCodeVerifier();
    this.nonce = token.getNonce();
}
private void setAtHashAndNonce(IdToken idToken, ServerAccessToken st) { String rType = st.getResponseType(); boolean atHashRequired = idToken.getAccessTokenHash() == null && (rType == null || !rType.equals(OidcUtils.ID_TOKEN_RESPONSE_TYPE));
private void setAtHashAndNonce(IdToken idToken, ServerAccessToken st) { String rType = st.getResponseType(); boolean atHashRequired = idToken.getAccessTokenHash() == null && (rType == null || !rType.equals(OidcUtils.ID_TOKEN_RESPONSE_TYPE));