Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Revert "Provide fix for Google iss claim" 

This reverts commit b6212cba66.
This commit is contained in:
Joe Grandja 2017-09-13 14:07:23 -04:00
parent e31684bcf5
commit 9133eb1b78
1 changed files with 1 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/oidc/core/IdToken.java
View File

@ -44,27 +44,11 @@ public class IdToken extends SecurityToken implements IdTokenClaimAccessor {
public IdToken(String tokenValue, Instant issuedAt, Instant expiresAt, Map<String, Object> claims) { public IdToken(String tokenValue, Instant issuedAt, Instant expiresAt, Map<String, Object> claims) {
super(tokenValue, issuedAt, expiresAt); super(tokenValue, issuedAt, expiresAt);
Assert.notEmpty(claims, "claims cannot be empty"); Assert.notEmpty(claims, "claims cannot be empty");
this.claims = Collections.unmodifiableMap(new LinkedHashMap<>(this.sanitize(claims))); this.claims = Collections.unmodifiableMap(new LinkedHashMap<>(claims));
} }
@Override @Override
public Map<String, Object> getClaims() { public Map<String, Object> getClaims() {
return this.claims; return this.claims;
} }
private Map<String, Object> sanitize(Map<String, Object> claims) {
// NOTE:
// Google's OpenID Connect implementation issues ID Tokens
// that omit the required https:// scheme prefix from the iss claim.
// This method will apply the required scheme prefix as a temporary workaround
// until Google's OpenID Connect implementation is updated.
// See http://openid.net/specs/openid-connect-core-1_0.html#GoogleIss
String iss = (String)claims.get(IdTokenClaim.ISS);
if (!iss.startsWith("https://")) {
claims = new LinkedHashMap<>(claims);
claims.put(IdTokenClaim.ISS, "https://" + iss);
}
return claims;
}
} }