From serg...@apache.org
Subject cxf git commit: [CXF-6692] Preparing to support storing the token jose representations only
Date Thu, 11 Aug 2016 12:17:53 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 7e185b710 -> df424f5a4


[CXF-6692] Preparing to support storing the token jose representations only


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/df424f5a
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/df424f5a
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/df424f5a

Branch: refs/heads/3.1.x-fixes
Commit: df424f5a46f5a6e7be339308d85799865fb84573
Parents: 7e185b7
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Thu Aug 11 13:07:48 2016 +0100
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Thu Aug 11 13:17:33 2016 +0100

----------------------------------------------------------------------
 .../provider/AbstractOAuthDataProvider.java     | 21 ++++++++++++++++++++
 1 file changed, 21 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/df424f5a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
index d2431ea..4d2ede4 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
@@ -120,6 +120,27 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider,
Cl
             claims.setClaim("resource", 
                             resourceAudiences.size() == 1 ? resourceAudiences.get(0) : resourceAudiences);
         }
+        for (Map.Entry<String, String> entry : at.getExtraProperties().entrySet())
{
+            claims.setClaim(entry.getKey(), entry.getValue());
+        }
+        // Can be used to check at RS/etc which grant was used to get this token issued
+        if (at.getGrantType() != null) {
+            claims.setClaim(OAuthConstants.GRANT_TYPE, at.getGrantType());
+        }
+        // Can be used to check the original code grant value which was removed from the
storage
+        // (and is no longer valid) when this token was issued; relevant only if the authorization
+        // code flow was used
+        if (at.getGrantCode() != null) {
+            claims.setClaim("grant_code", at.getGrantType());
+        }
+        // Can be used to link the clients (especially public ones) to this token
+        // to have a knowledge which client instance is using this token - might be handy
at the RS/etc
+        if (at.getClientCodeVerifier() != null) {
+            claims.setClaim("code_verifier", at.getClientCodeVerifier());
+        }
+        // ServerAccessToken 'nonce' property, if available, can be ignored for the purpose
for persisting it
+        // further as a JWT claim - as it is only used once by (OIDC) IdTokenResponseFilter
+        // to set IdToken nonce property with the filter havinh an access to the current
ServerAccessToken instance
         
         //TODO: consider auto-setting all the remaining token properties as claims either
optionally 
         // or if JWE encryption is enabled for the providers be able to choose if they
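Review bot: The `grant_code` claim is populated from the wrong getter: inside the `if (at.getGrantCode() != null)` branch the new code calls `claims.setClaim("grant_code", at.getGrantType());`, so the claim repeats the grant type and a resource server reading it to identify the original authorization code gets the wrong value; it should read `claims.setClaim("grant_code", at.getGrantCode());`. Separately, the `getExtraProperties()` loop copies every entry with `setClaim` after the claims set earlier in the method (only the `resource` claim is visible here), so an extra property whose key collides with one of them would presumably replace it; skipping keys that are already present, or copying the extras before the fixed claims, would avoid that. The `code_verifier` value and the extra properties also become readable by every holder of the token unless the JWT is encrypted, which the TODO below hints at, so a comment stating that expectation would help. The enclosing method starts and ends outside the hunk.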

