cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [2/2] cxf git commit: Only issue an IdToken if the client has the correct scope (for OpenId)
Date Thu, 10 Dec 2015 16:58:13 GMT
Only issue an IdToken if the client has the correct scope (for OpenId)


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/dc1a867f
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/dc1a867f
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/dc1a867f

Branch: refs/heads/3.1.x-fixes
Commit: dc1a867f9527ce3431f097fde27a984b0c3c324e
Parents: 4748548
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Thu Dec 10 15:10:32 2015 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Thu Dec 10 16:51:53 2015 +0000

----------------------------------------------------------------------
 .../apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java  | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/dc1a867f/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
index 0a19d8e..b8ab2b2 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
@@ -35,7 +35,10 @@ public class IdTokenResponseFilter extends AbstractOAuthServerJoseJwtProducer
im
     private UserInfoProvider userInfoProvider;
     @Override
     public void process(ClientAccessToken ct, ServerAccessToken st) {
-        
+        // Only add an IdToken if the client has the "openid" scope
+        if (ct.getApprovedScope() == null || !ct.getApprovedScope().contains(OidcUtils.OPENID_SCOPE))
{
+            return;
+        }
         String idToken = getProcessedIdToken(st);
         if (idToken != null) {
             ct.getParameters().put(OidcUtils.ID_TOKEN, idToken);


Mime
View raw message