[
https://issues.apache.org/jira/browse/CXF-7201?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15787578#comment-15787578
]
Sergey Beryozkin commented on CXF-7201:
---------------------------------------
Hi,
Have a look please at the link I included in my previous comment, it points
to a line declaring this provider, it is in rt/rs/extensions/providers. In
Fediz OIDC UserInfo is also returned in a clear form over HTTPS.
I agree about a non-clear form and String, I've been also considering for a
while to let JAXRS JOSE out interceptors to take care of signing/encrypting
UserInfo on the fly so that the service code does not even deal with it - just
did not get to it and it is probably a bit too late now.
That said, let me apply your patch anyway but make its 'in place' serialization
optional - maybe that will help you apply Jackson (in our experience it is a
bit verbose with respect to reporting the properties as nulls, and does not
really work well if the untyped properties are added).
> Incorrect JSON return in openId connect UserInfo when no signature or
> encryption
> --------------------------------------------------------------------------------
>
> Key: CXF-7201
> URL: https://issues.apache.org/jira/browse/CXF-7201
> Project: CXF
> Issue Type: Improvement
> Components: JAX-RS Security
> Affects Versions: 3.1.9
> Reporter: Jose Escobar
> Priority: Minor
> Labels: jwt, openid
>
> Hello,
> I'm using your org.apache.cxf.rs.security.oidc.idp.UserInfoService to publish
> an OpenId connect UserInfo service. When returned JWT requires signature or
> encryption I get a correctly formatted JWT, but when no signature or
> encryption is required, returned JSON is not correctly formatted.
> Problem occurs because on the second scenario, JSON marshal is done out of
> scope of cxf jose jwt (by default json marshaller). On signature or encrypted
> JWT, JwtUtils.claimsToJson is used and result is OK.
> I've resolved this using a custom UserInfoService. I'm going to send a pull
> request with a fix hoping it could be useful.