[
https://issues.apache.org/jira/browse/OLTU-161?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Stefan Bodewig updated OLTU-161:
--------------------------------
Attachment: oltu-161.patch
I've tried to make the patch as much backwards compatible as possible, in
particular the Writer will still emit a non-array version if the claimset
doesn't contain more than one element.
> JWTClaimsSetParser fails when aud is an array
> ---------------------------------------------
>
> Key: OLTU-161
> URL: https://issues.apache.org/jira/browse/OLTU-161
> Project: Apache Oltu
> Issue Type: Bug
> Components: oauth2-jwt
> Affects Versions: oauth2-1.0.0
> Reporter: Stefan Bodewig
> Attachments: oltu-161.patch
>
>
> JWTClaimsSetParser contains
> {code}
> if (AUDIENCE.equals(key)) {
> getBuilder().setClaimsSetAudience(String.valueOf(value));
> {code}
> which leads to something like {{"aud": "[Ljava.lang.Object;@34657d74"}} when
> the audience provided by the server is a JSON array - which is the canonical
> representation and a single string is only the exception according to
> http://openid.net/specs/openid-connect-core-1_0.html#IDToken
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
