fix(jans-auth-server): corrected requestContext and azd decoding
#8562
Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>
yuriyz committed May 31, 2024
1 parent eb1340f commit d32bca8
Showing 1 changed file with 19 additions and 7 deletions.
@@ -44,6 +44,7 @@
import jakarta.ws.rs.core.MediaType;
import jakarta.ws.rs.core.Response;
import org.apache.commons.lang3.StringUtils;
import org.json.JSONException;
import org.json.JSONObject;
import org.slf4j.Logger;

@@ -161,25 +162,36 @@ private void fillPayload(JsonWebResponse jwr, String audience, String requestCon
jwr.getClaims().addAudience(audience);
}

if (StringUtils.isNotBlank(requestContext)) {
requestContext = Base64Util.base64urldecodeToString(requestContext);
jwr.getClaims().setClaim("rctx", new JSONObject(requestContext));
JSONObject requestContextObj = decodeJson(requestContext);
if (requestContextObj != null) {
jwr.getClaims().setClaim("rctx", requestContextObj);
}

if (authorizationGrant != null) {
jwr.setClaim("sub", authorizationGrant.getSub());
}

JSONObject azd = new JSONObject();
if (StringUtils.isNotBlank(requestDetails)) {
requestDetails = Base64Util.base64urldecodeToString(requestDetails);
azd = new JSONObject(requestDetails);
JSONObject azd = decodeJson(requestDetails);
if (azd == null) {
azd = new JSONObject();
}
azd.put("client_id", client.getClientId());

jwr.getClaims().setClaim("azd", azd);
}

private static JSONObject decodeJson(String jsonString) {
if (StringUtils.isBlank(jsonString)) {
return null;
}
try {
return new JSONObject(jsonString);
} catch (JSONException e) {
String decoded = Base64Util.base64urldecodeToString(jsonString);
return new JSONObject(decoded);
}
}

private int getTxTokenLifetime(Client client) {
if (client.getAttributes().getTxTokenLifetime() != null && client.getAttributes().getTxTokenLifetime() > 0) {
log.trace("Override TxToken lifetime with value {} from client: {}", client.getAttributes().getTxTokenLifetime(), client.getClientId());
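Review bot: In `decodeJson`, the fallback `new JSONObject(decoded)` inside the `catch` can itself throw `JSONException` when the value is neither JSON nor base64url-encoded JSON, and nothing in the visible lines handles that. `requestContext` and `requestDetails` look like request-supplied values, so a malformed one probably escapes `fillPayload` as an unchecked exception rather than a controlled `invalid_request` rejection; whether a caller maps it is outside this hunk. I would wrap the fallback in its own `try { ... } catch (JSONException inner) { ... }` and fail the request explicitly there, also covering whatever `Base64Util.base64urldecodeToString` does on invalid input. A one-line comment on the method, e.g. `// Accepts raw JSON or base64url-encoded JSON; raw JSON is tried first.`, would document the dual format for the next reader. The `azd.put("client_id", client.getClientId())` after decoding overwrites any `client_id` supplied inside `requestDetails`, and that ordering should be kept.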