cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject cxf git commit: Making sure an open ended set of extra request properties can be passed through the whole OAuth2 chain, starting with supporting an OIDC claims request prop
Date Mon, 15 Feb 2016 17:51:09 GMT
Repository: cxf
Updated Branches:
  refs/heads/master b0aab58d3 -> 7d1890510


Making sure an open ended set of extra request properties can be passed through the whole
OAuth2 chain, starting with supporting an OIDC claims request prop


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/7d189051
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/7d189051
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/7d189051

Branch: refs/heads/master
Commit: 7d1890510a85d4fd7e70faebc56d6685f103621d
Parents: b0aab58
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Mon Feb 15 17:50:51 2016 +0000
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Mon Feb 15 17:50:51 2016 +0000

----------------------------------------------------------------------
 .../oauth2/common/AccessTokenRegistration.java  | 11 +++++
 .../oauth2/common/AccessTokenValidation.java    |  1 +
 .../oauth2/common/OAuthAuthorizationData.java   | 11 -----
 .../rs/security/oauth2/common/OAuthContext.java | 11 +++++
 .../oauth2/common/OAuthRedirectionState.java    | 11 +++++
 .../oauth2/common/ServerAccessToken.java        | 11 +++++
 .../oauth2/filters/OAuthRequestFilter.java      |  1 +
 .../grants/code/AbstractCodeDataProvider.java   |  1 +
 .../code/AuthorizationCodeRegistration.java     |  9 ++++
 .../code/DefaultEncryptingCodeDataProvider.java |  9 +---
 .../code/ServerAuthorizationCodeGrant.java      | 11 +++++
 .../provider/AbstractOAuthDataProvider.java     |  1 +
 .../provider/JoseSessionTokenProvider.java      |  6 +++
 .../services/AbstractImplicitGrantService.java  | 31 +++++++++----
 .../services/AuthorizationCodeGrantService.java | 47 +++++++++++++-------
 .../services/RedirectionBasedGrantService.java  | 37 ++++++++-------
 .../utils/crypto/ModelEncryptionSupport.java    | 17 +++++--
 .../oidc/idp/OidcAuthorizationCodeService.java  | 30 ++++++++++++-
 .../security/oidc/idp/OidcImplicitService.java  | 21 +++++++++
 .../cxf/rs/security/oidc/utils/OidcUtils.java   | 13 +++++-
 20 files changed, 223 insertions(+), 67 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/7d189051/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenRegistration.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenRegistration.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenRegistration.java
index a4a4a2c..0a00ec4 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenRegistration.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenRegistration.java
@@ -18,8 +18,10 @@
  */
 package org.apache.cxf.rs.security.oauth2.common;
 
+import java.util.LinkedHashMap;
 import java.util.LinkedList;
 import java.util.List;
+import java.util.Map;
 
 /**
  * Captures the information associated with the access token request.
@@ -33,6 +35,7 @@ public class AccessTokenRegistration {
     private List<String> audiences = new LinkedList<String>();
     private String nonce;
     private String clientCodeVerifier;
+    private Map<String, String> extraProperties = new LinkedHashMap<String, String>();
     
     /**
      * Sets the {@link Client} instance
@@ -138,4 +141,12 @@ public class AccessTokenRegistration {
     public void setNonce(String nonce) {
         this.nonce = nonce;
     }
+
+    public Map<String, String> getExtraProperties() {
+        return extraProperties;
+    }
+
+    public void setExtraProperties(Map<String, String> extraProperties) {
+        this.extraProperties = extraProperties;
+    }
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/7d189051/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenValidation.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenValidation.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenValidation.java
index f7b945d..f48d51c 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenValidation.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenValidation.java
@@ -79,6 +79,7 @@ public class AccessTokenValidation {
         this.tokenScopes = token.getScopes();
         this.setAudiences(token.getAudiences());
         this.clientCodeVerifier = token.getClientCodeVerifier();
+        this.extraProps.putAll(token.getExtraProperties());
     }
     
     public String getClientId() {

http://git-wip-us.apache.org/repos/asf/cxf/blob/7d189051/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthAuthorizationData.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthAuthorizationData.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthAuthorizationData.java
index 278303f..ea8ded3 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthAuthorizationData.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthAuthorizationData.java
@@ -25,9 +25,7 @@ import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
 
-import javax.ws.rs.core.MultivaluedMap;
 import javax.xml.bind.annotation.XmlRootElement;
-import javax.xml.bind.annotation.XmlTransient;
 
 import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
 
@@ -51,7 +49,6 @@ public class OAuthAuthorizationData extends OAuthRedirectionState implements
Ser
     private String applicationLogoUri;
     private List<String> applicationCertificates = new LinkedList<String>();
     private Map<String, String> extraApplicationProperties = new HashMap<String,
String>();
-    private MultivaluedMap<String, String> requestParameters;
     private boolean implicitFlow;
     
     private List<OAuthPermission> permissions;
@@ -260,12 +257,4 @@ public class OAuthAuthorizationData extends OAuthRedirectionState implements
Ser
         return allPerms;
     }
 
-    @XmlTransient
-    public MultivaluedMap<String, String> getRequestParameters() {
-        return requestParameters;
-    }
-
-    public void setRequestParameters(MultivaluedMap<String, String> requestParameters)
{
-        this.requestParameters = requestParameters;
-    }
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/7d189051/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthContext.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthContext.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthContext.java
index 74d7fc2..047208a 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthContext.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthContext.java
@@ -19,7 +19,9 @@
 package org.apache.cxf.rs.security.oauth2.common;
 
 import java.util.Collections;
+import java.util.LinkedHashMap;
 import java.util.List;
+import java.util.Map;
 
 
 /**
@@ -38,6 +40,7 @@ public class OAuthContext {
     private String tokenAudience;
     private String tokenIssuer;
     private String[] tokenRequestParts;
+    private Map<String, String> tokenExtraProperties = new LinkedHashMap<String,
String>();
     
     public OAuthContext(UserSubject resourceOwnerSubject,
                         UserSubject clientSubject,
@@ -143,4 +146,12 @@ public class OAuthContext {
     public void setTokenIssuer(String tokenIssuer) {
         this.tokenIssuer = tokenIssuer;
     }
+
+    public Map<String, String> getTokenExtraProperties() {
+        return tokenExtraProperties;
+    }
+
+    public void setTokenExtraProperties(Map<String, String> tokenExtraProperties) {
+        this.tokenExtraProperties = tokenExtraProperties;
+    }
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/7d189051/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthRedirectionState.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthRedirectionState.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthRedirectionState.java
index 4a413a0..3ea84e8 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthRedirectionState.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthRedirectionState.java
@@ -19,6 +19,8 @@
 package org.apache.cxf.rs.security.oauth2.common;
 
 import java.io.Serializable;
+import java.util.LinkedHashMap;
+import java.util.Map;
 
 public class OAuthRedirectionState implements Serializable {
     
@@ -32,6 +34,7 @@ public class OAuthRedirectionState implements Serializable {
     private String nonce;
     private String clientCodeChallenge;
     private String responseType;
+    private Map<String, String> extraProperties = new LinkedHashMap<String, String>();
     
     public OAuthRedirectionState() {
     }
@@ -134,6 +137,14 @@ public class OAuthRedirectionState implements Serializable {
     public void setResponseType(String responseType) {
         this.responseType = responseType;
     }
+
+    public Map<String, String> getExtraProperties() {
+        return extraProperties;
+    }
+
+    public void setExtraProperties(Map<String, String> extraProperties) {
+        this.extraProperties = extraProperties;
+    }
     
     
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/7d189051/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java
index 89220f3..515568c 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java
@@ -18,8 +18,10 @@
  */
 package org.apache.cxf.rs.security.oauth2.common;
 
+import java.util.LinkedHashMap;
 import java.util.LinkedList;
 import java.util.List;
+import java.util.Map;
 
 import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
 import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
@@ -38,6 +40,7 @@ public abstract class ServerAccessToken extends AccessToken {
     private List<String> audiences = new LinkedList<String>();
     private String clientCodeVerifier;
     private String nonce;
+    private Map<String, String> extraProperties = new LinkedHashMap<String, String>();
     
     protected ServerAccessToken() {
         
@@ -167,4 +170,12 @@ public abstract class ServerAccessToken extends AccessToken {
     public void setNonce(String nonce) {
         this.nonce = nonce;
     }
+
+    public Map<String, String> getExtraProperties() {
+        return extraProperties;
+    }
+
+    public void setExtraProperties(Map<String, String> extraProperties) {
+        this.extraProperties = extraProperties;
+    }
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/7d189051/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
index e8478ad..457beae 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
@@ -169,6 +169,7 @@ public class OAuthRequestFilter extends AbstractAccessTokenValidator
         oauthContext.setTokenAudience(validAudience);
         oauthContext.setTokenIssuer(accessTokenV.getTokenIssuer());
         oauthContext.setTokenRequestParts(authParts);
+        oauthContext.setTokenExtraProperties(accessTokenV.getExtraProps());
         m.setContent(OAuthContext.class, oauthContext);
     }
 

http://git-wip-us.apache.org/repos/asf/cxf/blob/7d189051/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AbstractCodeDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AbstractCodeDataProvider.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AbstractCodeDataProvider.java
index c03ccf3..f41e172 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AbstractCodeDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AbstractCodeDataProvider.java
@@ -61,6 +61,7 @@ public abstract class AbstractCodeDataProvider extends AbstractOAuthDataProvider
         grant.setAudience(reg.getAudience());
         grant.setClientCodeChallenge(reg.getClientCodeChallenge());
         grant.setNonce(reg.getNonce());
+        grant.getExtraProperties().putAll(reg.getExtraProperties());
         return grant;
     }
     protected abstract void saveCodeGrant(ServerAuthorizationCodeGrant grant);

http://git-wip-us.apache.org/repos/asf/cxf/blob/7d189051/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeRegistration.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeRegistration.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeRegistration.java
index a3185b7..269e24e 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeRegistration.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeRegistration.java
@@ -19,7 +19,9 @@
 package org.apache.cxf.rs.security.oauth2.grants.code;
 
 import java.util.Collections;
+import java.util.LinkedHashMap;
 import java.util.List;
+import java.util.Map;
 
 import org.apache.cxf.rs.security.oauth2.common.Client;
 import org.apache.cxf.rs.security.oauth2.common.UserSubject;
@@ -38,6 +40,7 @@ public class AuthorizationCodeRegistration {
     private String nonce;
     private String clientCodeChallenge;
     private boolean preauthorizedTokenAvailable;
+    private Map<String, String> extraProperties = new LinkedHashMap<String, String>();
     /**
      * Sets the {@link Client} reference
      * @param client the client
@@ -139,4 +142,10 @@ public class AuthorizationCodeRegistration {
     public void setPreauthorizedTokenAvailable(boolean preauthorizedTokenAvailable) {
         this.preauthorizedTokenAvailable = preauthorizedTokenAvailable;
     }
+    public Map<String, String> getExtraProperties() {
+        return extraProperties;
+    }
+    public void setExtraProperties(Map<String, String> extraProperties) {
+        this.extraProperties = extraProperties;
+    }
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/7d189051/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEncryptingCodeDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEncryptingCodeDataProvider.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEncryptingCodeDataProvider.java
index a3ff5b3..aa943dc 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEncryptingCodeDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEncryptingCodeDataProvider.java
@@ -98,14 +98,7 @@ public class DefaultEncryptingCodeDataProvider extends DefaultEncryptingOAuthDat
     
     protected ServerAuthorizationCodeGrant doCreateCodeGrant(AuthorizationCodeRegistration
reg)
         throws OAuthServiceException {
-        ServerAuthorizationCodeGrant grant = 
-            new ServerAuthorizationCodeGrant(reg.getClient(), getCode(reg), getGrantLifetime(),
getIssuedAt());
-        grant.setApprovedScopes(getApprovedScopes(reg));
-        grant.setAudience(reg.getAudience());
-        grant.setClientCodeChallenge(reg.getClientCodeChallenge());
-        grant.setSubject(reg.getSubject());
-        grant.setRedirectUri(reg.getRedirectUri());
-        return grant;
+        return AbstractCodeDataProvider.initCodeGrant(reg, grantLifetime);
     }
 
     protected List<String> getApprovedScopes(AuthorizationCodeRegistration reg) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/7d189051/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/ServerAuthorizationCodeGrant.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/ServerAuthorizationCodeGrant.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/ServerAuthorizationCodeGrant.java
index 119cc59..d345fb2 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/ServerAuthorizationCodeGrant.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/ServerAuthorizationCodeGrant.java
@@ -19,7 +19,9 @@
 package org.apache.cxf.rs.security.oauth2.grants.code;
 
 import java.util.Collections;
+import java.util.LinkedHashMap;
 import java.util.List;
+import java.util.Map;
 
 import org.apache.cxf.rs.security.oauth2.common.Client;
 import org.apache.cxf.rs.security.oauth2.common.UserSubject;
@@ -42,6 +44,7 @@ public class ServerAuthorizationCodeGrant extends AuthorizationCodeGrant
{
     private String clientCodeChallenge;
     private String nonce;
     private boolean preauthorizedTokenAvailable;
+    private Map<String, String> extraProperties = new LinkedHashMap<String, String>();
     
     public ServerAuthorizationCodeGrant() {
         
@@ -174,4 +177,12 @@ public class ServerAuthorizationCodeGrant extends AuthorizationCodeGrant
{
     public void setPreauthorizedTokenAvailable(boolean preauthorizedTokenAvailable) {
         this.preauthorizedTokenAvailable = preauthorizedTokenAvailable;
     }
+
+    public Map<String, String> getExtraProperties() {
+        return extraProperties;
+    }
+
+    public void setExtraProperties(Map<String, String> extraProperties) {
+        this.extraProperties = extraProperties;
+    }
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/7d189051/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
index 1673659..275081a 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
@@ -72,6 +72,7 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider,
Cl
         at.setSubject(atReg.getSubject());
         at.setClientCodeVerifier(atReg.getClientCodeVerifier());
         at.setNonce(atReg.getNonce());
+        at.getExtraProperties().putAll(atReg.getExtraProperties());
         return at;
     }
     

http://git-wip-us.apache.org/repos/asf/cxf/blob/7d189051/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java
index 0c23db1..edd14a6 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java
@@ -171,6 +171,9 @@ public class JoseSessionTokenProvider implements SessionAuthenticityTokenProvide
         if (!StringUtils.isEmpty(parts[7])) {
             state.setResponseType(parts[7]);
         }
+        if (!StringUtils.isEmpty(parts[8])) {
+            state.setExtraProperties(ModelEncryptionSupport.parseSimpleMap(parts[8]));
+        }
         return state;
     }
     protected String convertStateToString(OAuthRedirectionState secData) {
@@ -199,6 +202,9 @@ public class JoseSessionTokenProvider implements SessionAuthenticityTokenProvide
         state.append(ModelEncryptionSupport.SEP);
         // 7: response_type
         state.append(ModelEncryptionSupport.tokenizeString(secData.getResponseType()));
+        state.append(ModelEncryptionSupport.SEP);
+        // 8: extra props
+        state.append(secData.getExtraProperties().toString());
         
         return state.toString();
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/7d189051/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
index f3c466b..962ba4a 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
@@ -56,6 +56,7 @@ public abstract class AbstractImplicitGrantService extends RedirectionBasedGrant
         super(supportedResponseTypes, supportedGrantType);
     }
     
+    
     protected Response createGrant(OAuthRedirectionState state,
                                    Client client,
                                    List<String> requestedScope,
@@ -65,15 +66,11 @@ public abstract class AbstractImplicitGrantService extends RedirectionBasedGrant
         
         ServerAccessToken token = null;
         if (preAuthorizedToken == null) {
-            AccessTokenRegistration reg = new AccessTokenRegistration();
-            reg.setClient(client);
-            reg.setGrantType(super.getSupportedGrantType());
-            reg.setSubject(userSubject);
-            reg.setRequestedScope(requestedScope);        
-            reg.setApprovedScope(getApprovedScope(requestedScope, approvedScope));
-            
-            reg.setAudiences(Collections.singletonList(state.getAudience()));
-            reg.setNonce(state.getNonce());
+            AccessTokenRegistration reg = createTokenRegistration(state,
+                                                                  client,
+                                                                  requestedScope,
+                                                                  approvedScope,
+                                                                  userSubject);
             token = getDataProvider().createAccessToken(reg);
         } else {
             token = preAuthorizedToken;
@@ -111,6 +108,22 @@ public abstract class AbstractImplicitGrantService extends RedirectionBasedGrant
         return finalizeResponse(sb, state);
     }
     
+    protected AccessTokenRegistration createTokenRegistration(OAuthRedirectionState state,

+                                                              Client client, 
+                                                              List<String> requestedScope,

+                                                              List<String> approvedScope,

+                                                              UserSubject userSubject) {
+        AccessTokenRegistration reg = new AccessTokenRegistration();
+        reg.setClient(client);
+        reg.setGrantType(super.getSupportedGrantType());
+        reg.setSubject(userSubject);
+        reg.setRequestedScope(requestedScope);        
+        reg.setApprovedScope(getApprovedScope(requestedScope, approvedScope));
+        
+        reg.setAudiences(Collections.singletonList(state.getAudience()));
+        reg.setNonce(state.getNonce());
+        return reg;
+    }
     protected Response finalizeResponse(StringBuilder sb, OAuthRedirectionState state) {
         if (state.getState() != null) {
             sb.append("&");

http://git-wip-us.apache.org/repos/asf/cxf/blob/7d189051/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
index 943cfd9..4b78c4e 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
@@ -72,16 +72,16 @@ public class AuthorizationCodeGrantService extends RedirectionBasedGrantService
         OAuthAuthorizationData data = 
             super.createAuthorizationData(client, params, redirectUri, subject, 
                                           requestedPerms, alreadyAuthorizedPerms, authorizationCanBeSkipped);
-        setCodeQualifier(data, params);
+        setCodeChallenge(data, params);
         return data;
     }
-    protected OAuthRedirectionState recreateRedirectionStateFromSession(
-        UserSubject subject, MultivaluedMap<String, String> params, String sessionToken)
{
-        OAuthRedirectionState state = super.recreateRedirectionStateFromSession(subject,
params, sessionToken);
-        setCodeQualifier(state, params);
+    protected OAuthRedirectionState recreateRedirectionStateFromParams(
+        MultivaluedMap<String, String> params) {
+        OAuthRedirectionState state = super.recreateRedirectionStateFromParams(params);
+        setCodeChallenge(state, params);
         return state;
     }
-    private static void setCodeQualifier(OAuthRedirectionState data, MultivaluedMap<String,
String> params) {
+    private static void setCodeChallenge(OAuthRedirectionState data, MultivaluedMap<String,
String> params) {
         data.setClientCodeChallenge(params.getFirst(OAuthConstants.AUTHORIZATION_CODE_CHALLENGE));
     }
     protected Response createGrant(OAuthRedirectionState state,
@@ -92,16 +92,12 @@ public class AuthorizationCodeGrantService extends RedirectionBasedGrantService
                                    ServerAccessToken preauthorizedToken) {
         // in this flow the code is still created, the preauthorized token
         // will be retrieved by the authorization code grant handler
-        AuthorizationCodeRegistration codeReg = new AuthorizationCodeRegistration(); 
-        codeReg.setPreauthorizedTokenAvailable(preauthorizedToken != null);
-        codeReg.setClient(client);
-        codeReg.setRedirectUri(state.getRedirectUri());
-        codeReg.setRequestedScope(requestedScope);
-        codeReg.setApprovedScope(getApprovedScope(requestedScope, approvedScope));
-        codeReg.setSubject(userSubject);
-        codeReg.setAudience(state.getAudience());
-        codeReg.setNonce(state.getNonce());
-        codeReg.setClientCodeChallenge(state.getClientCodeChallenge());
+        AuthorizationCodeRegistration codeReg = createCodeRegistration(state,
+                                                                       client,
+                                                                       requestedScope,
+                                                                       approvedScope,
+                                                                       userSubject,
+                                                                       preauthorizedToken);
         
         ServerAuthorizationCodeGrant grant = null;
         try {
@@ -128,6 +124,25 @@ public class AuthorizationCodeGrantService extends RedirectionBasedGrantService
             return Response.seeOther(ub.build()).build();
         }
     }
+    
+    protected AuthorizationCodeRegistration createCodeRegistration(OAuthRedirectionState
state, 
+                                                                   Client client, 
+                                                                   List<String> requestedScope,

+                                                                   List<String> approvedScope,

+                                                                   UserSubject userSubject,

+                                                                   ServerAccessToken preauthorizedToken)
{
+        AuthorizationCodeRegistration codeReg = new AuthorizationCodeRegistration(); 
+        codeReg.setPreauthorizedTokenAvailable(preauthorizedToken != null);
+        codeReg.setClient(client);
+        codeReg.setRedirectUri(state.getRedirectUri());
+        codeReg.setRequestedScope(requestedScope);
+        codeReg.setApprovedScope(getApprovedScope(requestedScope, approvedScope));
+        codeReg.setSubject(userSubject);
+        codeReg.setAudience(state.getAudience());
+        codeReg.setNonce(state.getNonce());
+        codeReg.setClientCodeChallenge(state.getClientCodeChallenge());
+        return codeReg;
+    }
     protected String processCodeGrant(Client client, String code, UserSubject endUser) {
         if (codeResponseFilter != null) {
             return codeResponseFilter.process(client, code, endUser);

http://git-wip-us.apache.org/repos/asf/cxf/blob/7d189051/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
index 22f248f..f7c3218 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
@@ -240,7 +240,6 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
                                                              boolean authorizationCanBeSkipped)
{
         
         OAuthAuthorizationData secData = new OAuthAuthorizationData();
-        secData.setRequestParameters(params);
         
         secData.setState(params.getFirst(OAuthConstants.STATE));
         secData.setRedirectUri(redirectUri);
@@ -277,26 +276,28 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
         return secData;
     }
     protected OAuthRedirectionState recreateRedirectionStateFromSession(
-        UserSubject subject, MultivaluedMap<String, String> params, String sessionToken)
{
-        OAuthRedirectionState state = null; 
+        UserSubject subject, String sessionToken) {
         if (sessionAuthenticityTokenProvider != null) {
-            state = sessionAuthenticityTokenProvider.getSessionState(super.getMessageContext(),

+            return sessionAuthenticityTokenProvider.getSessionState(super.getMessageContext(),

                                                                      sessionToken,
                                                                      subject);
+        } else {
+            return null;
         }
-        if (state == null) {
-            state = new OAuthRedirectionState();
-            state.setClientId(params.getFirst(OAuthConstants.CLIENT_ID));
-            state.setRedirectUri(params.getFirst(OAuthConstants.REDIRECT_URI));
-            state.setAudience(params.getFirst(OAuthConstants.CLIENT_AUDIENCE));
-            state.setProposedScope(params.getFirst(OAuthConstants.SCOPE));
-            state.setState(params.getFirst(OAuthConstants.STATE));
-            state.setNonce(params.getFirst(OAuthConstants.NONCE));
-            state.setResponseType(params.getFirst(OAuthConstants.RESPONSE_TYPE));
-        }
-        return state;
     }
     
+    
+    protected OAuthRedirectionState recreateRedirectionStateFromParams(MultivaluedMap<String,
String> params) {
+        OAuthRedirectionState state = new OAuthRedirectionState();
+        state.setClientId(params.getFirst(OAuthConstants.CLIENT_ID));
+        state.setRedirectUri(params.getFirst(OAuthConstants.REDIRECT_URI));
+        state.setAudience(params.getFirst(OAuthConstants.CLIENT_AUDIENCE));
+        state.setProposedScope(params.getFirst(OAuthConstants.SCOPE));
+        state.setState(params.getFirst(OAuthConstants.STATE));
+        state.setNonce(params.getFirst(OAuthConstants.NONCE));
+        state.setResponseType(params.getFirst(OAuthConstants.RESPONSE_TYPE));
+        return state;
+    }
     protected void personalizeData(OAuthAuthorizationData data, UserSubject userSubject)
{
         if (resourceOwnerNameProvider != null) {
             data.setEndUserName(resourceOwnerNameProvider.getName(userSubject));
@@ -331,8 +332,10 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
             throw ExceptionUtils.toBadRequestException(null, null);     
         }
         
-        OAuthRedirectionState state = 
-            recreateRedirectionStateFromSession(userSubject, params, sessionToken);
+        OAuthRedirectionState state = recreateRedirectionStateFromSession(userSubject, sessionToken);
+        if (state == null) {
+            state = recreateRedirectionStateFromParams(params); 
+        }
         
         Client client = getClient(state.getClientId());
         String redirectUri = validateRedirectUri(client, state.getRedirectUri());

http://git-wip-us.apache.org/repos/asf/cxf/blob/7d189051/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/ModelEncryptionSupport.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/ModelEncryptionSupport.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/ModelEncryptionSupport.java
index c23f421..9f5a929 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/ModelEncryptionSupport.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/ModelEncryptionSupport.java
@@ -256,7 +256,9 @@ public final class ModelEncryptionSupport {
         newToken.setClientCodeVerifier(parts[10]);
         //UserSubject:
         newToken.setSubject(recreateUserSubject(parts[11]));
-                
+        
+        newToken.setExtraProperties(parseSimpleMap(parts[12]));
+        
         return newToken;
     }
     
@@ -322,7 +324,10 @@ public final class ModelEncryptionSupport {
         state.append(SEP);
         // 11: user subject
         tokenizeUserSubject(state, token.getSubject());
-        
+        // 13: extra properties
+        state.append(SEP);
+        // {key=value, key=value}
+        state.append(token.getExtraProperties().toString());
         return state.toString();
     }
     
@@ -402,6 +407,7 @@ public final class ModelEncryptionSupport {
         grant.setClientCodeChallenge(getStringPart(parts[6]));
         grant.setApprovedScopes(parseSimpleList(parts[7]));
         grant.setSubject(recreateUserSubject(parts[8]));
+        grant.setExtraProperties(parseSimpleMap(parts[9]));
         return grant; 
     }
     private static String tokenizeCodeGrant(ServerAuthorizationCodeGrant grant) {
@@ -432,7 +438,10 @@ public final class ModelEncryptionSupport {
         state.append(SEP);
         // 8: subject
         tokenizeUserSubject(state, grant.getSubject());
-        
+        // 9: extra properties
+        state.append(SEP);
+        // {key=value, key=value}
+        state.append(grant.getExtraProperties().toString());
         return state.toString();
     }
     
@@ -453,7 +462,7 @@ public final class ModelEncryptionSupport {
         }
     }
     
-    private static Map<String, String> parseSimpleMap(String mapStr) {
+    public static Map<String, String> parseSimpleMap(String mapStr) {
         Map<String, String> props = new HashMap<String, String>();
         List<String> entries = parseSimpleList(mapStr);
         for (String entry : entries) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/7d189051/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcAuthorizationCodeService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcAuthorizationCodeService.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcAuthorizationCodeService.java
index 67a7118..59ef008 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcAuthorizationCodeService.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcAuthorizationCodeService.java
@@ -20,10 +20,16 @@ package org.apache.cxf.rs.security.oidc.idp;
 
 import java.util.List;
 
+import javax.ws.rs.core.MultivaluedMap;
+
 import org.apache.cxf.rs.security.oauth2.common.Client;
 import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
+import org.apache.cxf.rs.security.oauth2.common.OAuthRedirectionState;
+import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
 import org.apache.cxf.rs.security.oauth2.common.UserSubject;
+import org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeRegistration;
 import org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService;
+import org.apache.cxf.rs.security.oidc.utils.OidcUtils;
 
 public class OidcAuthorizationCodeService extends AuthorizationCodeGrantService {
     private static final String OPEN_ID_CONNECT_SCOPE = "openid";
@@ -42,5 +48,27 @@ public class OidcAuthorizationCodeService extends AuthorizationCodeGrantService
     public void setSkipAuthorizationWithOidcScope(boolean skipAuthorizationWithOidcScope)
{
         this.skipAuthorizationWithOidcScope = skipAuthorizationWithOidcScope;
     }
-    
+    protected AuthorizationCodeRegistration createCodeRegistration(OAuthRedirectionState
state, 
+                                                                   Client client, 
+                                                                   List<String> requestedScope,

+                                                                   List<String> approvedScope,

+                                                                   UserSubject userSubject,

+                                                                   ServerAccessToken preauthorizedToken)
{
+        AuthorizationCodeRegistration codeReg = super.createCodeRegistration(state, 
+                                                                             client, 
+                                                                             requestedScope,

+                                                                             approvedScope,

+                                                                             userSubject,

+                                                                             preauthorizedToken);
+        
+        codeReg.getExtraProperties().putAll(state.getExtraProperties());
+        return codeReg;
+    }
+    @Override
+    protected OAuthRedirectionState recreateRedirectionStateFromParams(
+        MultivaluedMap<String, String> params) {
+        OAuthRedirectionState state = super.recreateRedirectionStateFromParams(params);
+        OidcUtils.setStateClaimsProperty(state, params);
+        return state;
+    }
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/7d189051/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java
index 359d172..94dd845 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java
@@ -27,6 +27,7 @@ import javax.ws.rs.core.Response;
 
 import org.apache.cxf.rs.security.jose.jwt.JoseJwtProducer;
 import org.apache.cxf.rs.security.jose.jwt.JwtToken;
+import org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration;
 import org.apache.cxf.rs.security.oauth2.common.Client;
 import org.apache.cxf.rs.security.oauth2.common.OAuthError;
 import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
@@ -127,6 +128,26 @@ public class OidcImplicitService extends ImplicitGrantService {
         }
     }
 
+    @Override
+    protected OAuthRedirectionState recreateRedirectionStateFromParams(
+        MultivaluedMap<String, String> params) {
+        OAuthRedirectionState state = super.recreateRedirectionStateFromParams(params);
+        OidcUtils.setStateClaimsProperty(state, params);
+        return state;
+    }
+    
+    @Override
+    protected AccessTokenRegistration createTokenRegistration(OAuthRedirectionState state,

+                                                              Client client, 
+                                                              List<String> requestedScope,

+                                                              List<String> approvedScope,

+                                                              UserSubject userSubject) {
+        AccessTokenRegistration reg = 
+            super.createTokenRegistration(state, client, requestedScope, approvedScope, userSubject);
+        reg.getExtraProperties().putAll(state.getExtraProperties());
+        return reg;
+    }
+    
     protected String processIdToken(IdToken idToken) {
         JoseJwtProducer processor = idTokenHandler == null ? new JoseJwtProducer() : idTokenHandler;

         return processor.processJwt(new JwtToken(idToken));

http://git-wip-us.apache.org/repos/asf/cxf/blob/7d189051/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
index d6363e7..823e757 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
@@ -24,12 +24,15 @@ import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
+import javax.ws.rs.core.MultivaluedMap;
+
 import org.apache.cxf.common.util.Base64UrlUtility;
 import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
 import org.apache.cxf.rs.security.jose.jws.JwsException;
 import org.apache.cxf.rs.security.jose.jwt.JwtToken;
 import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
+import org.apache.cxf.rs.security.oauth2.common.OAuthRedirectionState;
 import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
 import org.apache.cxf.rs.security.oidc.common.IdToken;
 import org.apache.cxf.rs.security.oidc.common.UserInfo;
@@ -48,6 +51,8 @@ public final class OidcUtils {
                                                                   UserInfo.EMAIL_VERIFIED_CLAIM);
     public static final List<String> ADDRESS_CLAIMS = Arrays.asList(UserInfo.ADDRESS_CLAIM);
     public static final List<String> PHONE_CLAIMS = Arrays.asList(UserInfo.PHONE_CLAIM);
+    public static final String CLAIMS_PARAM = "claims";
+    
     private static final Map<String, List<String>> SCOPES_MAP;
     static {
         SCOPES_MAP = new HashMap<String, List<String>>();
@@ -140,5 +145,11 @@ public final class OidcUtils {
             throw new OAuthServiceException(ex);
         }
     }
-    
+    public static void setStateClaimsProperty(OAuthRedirectionState state,
+                                              MultivaluedMap<String, String> params)
{
+        String claims = params.getFirst(OidcUtils.CLAIMS_PARAM);
+        if (claims != null) {
+            state.getExtraProperties().put(OidcUtils.CLAIMS_PARAM, claims);
+        }
+    }
 }


Mime
View raw message