Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Provide fix for Google iss claim 

Fixes gh-4511
This commit is contained in:
Joe Grandja 2017-08-26 18:49:05 -04:00
parent 4951550d7d
commit b6212cba66
1 changed files with 17 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/oidc/core/IdToken.java
View File

@ -44,11 +44,27 @@ public class IdToken extends SecurityToken implements IdTokenClaimAccessor {
public IdToken(String tokenValue, Instant issuedAt, Instant expiresAt, Map<String, Object> claims) {
super(tokenValue, issuedAt, expiresAt);
Assert.notEmpty(claims, "claims cannot be empty");
this.claims = Collections.unmodifiableMap(new LinkedHashMap<>(claims));
this.claims = Collections.unmodifiableMap(new LinkedHashMap<>(this.sanitize(claims)));
}
@Override
public Map<String, Object> getClaims() {
return this.claims;
}
private Map<String, Object> sanitize(Map<String, Object> claims) {
// NOTE:
// Google's OpenID Connect implementation issues ID Tokens
// that omit the required https:// scheme prefix from the iss claim.
// This method will apply the required scheme prefix as a temporary workaround
// until Google's OpenID Connect implementation is updated.
// See http://openid.net/specs/openid-connect-core-1_0.html#GoogleIss
String iss = (String)claims.get(IdTokenClaim.ISS);
if (!iss.startsWith("https://")) {
claims = new LinkedHashMap<>(claims);
claims.put(IdTokenClaim.ISS, "https://" + iss);
}
return claims;
}
}