fix(jans-auth-server): corrected jarm response mode

JanssenProject · Jan 28, 2022 · 9e3bf69 · 9e3bf69
1 parent 1d4b53b
commit 9e3bf69
Showing 1 changed file with 5 additions and 9 deletions.
diff --git a/...r/server/src/main/java/io/jans/as/server/authorize/ws/rs/AuthorizeRestWebServiceImpl.java b/...r/server/src/main/java/io/jans/as/server/authorize/ws/rs/AuthorizeRestWebServiceImpl.java
@@ -402,6 +402,7 @@ private Response requestAuthorization(
                     responseMode = extractResponseMode(request);
                     if (responseMode == ResponseMode.JWT) {
                         Jwt jwt = Jwt.parseSilently(request);
+                        redirectUriResponse.getRedirectUri().setResponseMode(ResponseMode.JWT);
                         fillRedirectUriResponseforJARM(redirectUriResponse, jwt, client);
                         if (appConfiguration.isFapi()) {
                             authorizeRestWebServiceValidator.throwInvalidJwtRequestExceptionAsJwtMode(redirectUriResponse,
@@ -798,18 +799,13 @@ private void fillRedirectUriResponseforJARM(RedirectUriResponse redirectUriRespo
                     redirectUriResponse.getRedirectUri().setBaseRedirectUri(URLDecoder.decode(tempRedirectUri, "UTF-8"));
                 }
             }
-            redirectUriResponse.getRedirectUri().setResponseMode(ResponseMode.JWT);
             String clientId = client.getClientId();
             redirectUriResponse.getRedirectUri().setIssuer(appConfiguration.getIssuer());
             redirectUriResponse.getRedirectUri().setAudience(clientId);
-            redirectUriResponse.getRedirectUri()
-                    .setAuthorizationCodeLifetime(appConfiguration.getAuthorizationCodeLifetime());
-            redirectUriResponse.getRedirectUri().setSignatureAlgorithm(
-                    SignatureAlgorithm.fromString(client.getAttributes().getAuthorizationSignedResponseAlg()));
-            redirectUriResponse.getRedirectUri().setKeyEncryptionAlgorithm(
-                    KeyEncryptionAlgorithm.fromName(client.getAttributes().getAuthorizationEncryptedResponseAlg()));
-            redirectUriResponse.getRedirectUri().setBlockEncryptionAlgorithm(
-                    BlockEncryptionAlgorithm.fromName(client.getAttributes().getAuthorizationEncryptedResponseEnc()));
+            redirectUriResponse.getRedirectUri().setAuthorizationCodeLifetime(appConfiguration.getAuthorizationCodeLifetime());
+            redirectUriResponse.getRedirectUri().setSignatureAlgorithm(SignatureAlgorithm.fromString(client.getAttributes().getAuthorizationSignedResponseAlg()));
+            redirectUriResponse.getRedirectUri().setKeyEncryptionAlgorithm(KeyEncryptionAlgorithm.fromName(client.getAttributes().getAuthorizationEncryptedResponseAlg()));
+            redirectUriResponse.getRedirectUri().setBlockEncryptionAlgorithm(BlockEncryptionAlgorithm.fromName(client.getAttributes().getAuthorizationEncryptedResponseEnc()));
             redirectUriResponse.getRedirectUri().setCryptoProvider(cryptoProvider);
 
             String keyId = null;