Repository: cxf Updated Branches: refs/heads/3.1.x-fixes 7e185b710 -> df424f5a4
[CXF-6692] Preparing to support storing the token jose representations only Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/df424f5a Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/df424f5a Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/df424f5a Branch: refs/heads/3.1.x-fixes Commit: df424f5a46f5a6e7be339308d85799865fb84573 Parents: 7e185b7 Author: Sergey Beryozkin <[email protected]> Authored: Thu Aug 11 13:07:48 2016 +0100 Committer: Sergey Beryozkin <[email protected]> Committed: Thu Aug 11 13:17:33 2016 +0100 ---------------------------------------------------------------------- .../provider/AbstractOAuthDataProvider.java | 21 ++++++++++++++++++++ 1 file changed, 21 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/df424f5a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java ----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
index d2431ea..4d2ede4 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
@@ -120,6 +120,27 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider, Cl
 claims.setClaim("resource", resourceAudiences.size() == 1 ? resourceAudiences.get(0) : resourceAudiences);
 }
+ for (Map.Entry<String, String> entry : at.getExtraProperties().entrySet()) {
+ claims.setClaim(entry.getKey(), entry.getValue());
+ }
+ // Can be used to check at RS/etc which grant was used to get this token issued
+ if (at.getGrantType() != null) {
+ claims.setClaim(OAuthConstants.GRANT_TYPE, at.getGrantType());
+ }
+ // Can be used to check the original code grant value which was removed from the storage
+ // (and is no longer valid) when this token was issued; relevant only if the authorization
+ // code flow was used
+ if (at.getGrantCode() != null) {
+ claims.setClaim("grant_code", at.getGrantType());
+ }
+ // Can be used to link the clients (especially public ones) to this token
+ // to have a knowledge which client instance is using this token - might be handy at the RS/etc
+ if (at.getClientCodeVerifier() != null) {
+ claims.setClaim("code_verifier", at.getClientCodeVerifier());
+ }
+ // ServerAccessToken 'nonce' property, if available, can be ignored for the purpose for persisting it
+ // further as a JWT claim - as it is only used once by (OIDC) IdTokenResponseFilter
+ // to set IdToken nonce property with the filter havinh an access to the current ServerAccessToken instance
 //TODO: consider auto-setting all the remaining token properties as claims either optionally
 // or if JWE encryption is enabled for the providers be able to choose if they
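Review bot: In the `at.getGrantCode() != null` branch the claim is filled from the wrong getter: `claims.setClaim("grant_code", at.getGrantType());` stores the grant type under `grant_code`, so the code value the comment describes is never written; it should read `claims.setClaim("grant_code", at.getGrantCode());`. The `getExtraProperties()` loop also runs after the `resource` claim is set and copies arbitrary keys, so an extra property whose key matches a claim set earlier in the method (only `resource` is visible here) would presumably replace it; skipping keys that are already present would avoid that. `grant_code` and `code_verifier` are values normally known only to the client and the authorization server, so it is worth confirming they are written only when the token is encrypted, as the trailing TODO about JWE hints, and not when it is merely signed. The enclosing method starts and ends outside this hunk.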
