Posted to commits@cxf.apache.org by co...@apache.org on 2015/12/10 18:07:22 UTC

[2/4] cxf git commit: Only issue an IdToken if the client has the correct scope (for OpenId)

Only issue an IdToken if the client has the correct scope (for OpenId)

# Conflicts:
#	rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/612e0e58
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/612e0e58
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/612e0e58

Branch: refs/heads/3.0.x-fixes
Commit: 612e0e58f869cb0908db67a6a010eae34fa4f9dc
Parents: 36b35b9
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Thu Dec 10 15:10:32 2015 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Dec 10 16:59:52 2015 +0000

----------------------------------------------------------------------
 .../rs/security/oidc/idp/IdTokenResponseFilter.java   | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/612e0e58/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
index e2cd6ee..8f2ef01 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
@@ -33,7 +33,21 @@ public class IdTokenResponseFilter extends AbstractOAuthServerJoseJwtProducer im
     private String issuer;
     @Override
     public void process(ClientAccessToken ct, ServerAccessToken st) {
+<<<<<<< HEAD
         // This may also be done directly inside a data provider code creating the server token
+=======
+        // Only add an IdToken if the client has the "openid" scope
+        if (ct.getApprovedScope() == null || !ct.getApprovedScope().contains(OidcUtils.OPENID_SCOPE)) {
+            return;
+        }
+        String idToken = getProcessedIdToken(st);
+        if (idToken != null) {
+            ct.getParameters().put(OidcUtils.ID_TOKEN, idToken);
+        } 
+        
+    }
+    private String getProcessedIdToken(ServerAccessToken st) {
+>>>>>>> dc1a867... Only issue an IdToken if the client has the correct scope (for OpenId)
         if (userInfoProvider != null) {
             IdToken token = 
                 userInfoProvider.getIdToken(st.getClient().getClientId(), st.getSubject(), st.getScopes());
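Review bot: Unresolved merge-conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> dc1a867...`) are added as source lines inside `process`, so the new side of this file cannot compile and the intended openid scope gate is not in effect on this branch until the conflict is resolved. Resolving it means dropping the three marker lines and keeping a single version of the body, with the early-return check ahead of any IdToken creation. Separately, if `ct.getApprovedScope()` returns the space-delimited scope string, `contains(OidcUtils.OPENID_SCOPE)` is a substring match and would also accept a scope value that merely embeds that text; an exact token comparison is safer, e.g. `Arrays.asList(ct.getApprovedScope().split(" ")).contains(OidcUtils.OPENID_SCOPE)`, or a check against the server-side `st.getScopes()`. The body of `getProcessedIdToken` continues outside the hunk.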