[
https://issues.apache.org/jira/browse/CXF-7201?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15787472#comment-15787472
]
Sergey Beryozkin commented on CXF-7201:
---------------------------------------
Thanks for the patch - but it really works as expected, though I should've
documented it better.
See
https://github.com/apache/cxf-fediz/blob/master/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml#L124
If UserInfo is returned in a clear form over HTTPS then it is serialized at a
JAX-RS MessageBodyWriter level. Your patch is technically OK, but I prefer,
whenever possible, to let the OIDC/OAuth2 responses flow via the JAX-RS response
chains (for example, maybe someone will register a ContainerResponseFilter and
augment UserInfo, etc.).
Please validate that registering a provider works for you and, if yes, resolve
this issue, thanks.
> Incorrect JSON return in openId connect UserInfo when no signature or
> encryption
> --------------------------------------------------------------------------------
>
> Key: CXF-7201
> URL: https://issues.apache.org/jira/browse/CXF-7201
> Project: CXF
> Issue Type: Improvement
> Components: JAX-RS Security
> Affects Versions: 3.1.9
> Reporter: Jose Escobar
> Priority: Minor
> Labels: jwt, openid
>
> Hello,
> I'm using your org.apache.cxf.rs.security.oidc.idp.UserInfoService to publish
> an OpenID Connect UserInfo service. When the returned JWT requires signature or
> encryption I get a correctly formatted JWT, but when no signature or
> encryption is required, the returned JSON is not correctly formatted.
> The problem occurs because in the second scenario, JSON marshalling is done out of
> scope of cxf jose jwt (by the default JSON marshaller). For a signed or encrypted
> JWT, JwtUtils.claimsToJson is used and the result is OK.
> I've resolved this using a custom UserInfoService. I'm going to send a pull
> request with a fix, hoping it could be useful.