Skip to content

Commit

Permalink
Fikser audience for tokenveksling for TokenX (#1276)
Browse files Browse the repository at this point in the history
  • Loading branch information
@espenwaaga
espenwaaga committed Apr 19, 2023
1 parent e66dc01 commit 492cd4e
Showing 1 changed file with 9 additions and 4 deletions.
13 changes: 9 additions & 4 deletions felles/oidc/src/main/java/no/nav/vedtak/sikkerhet/oidc/token/impl/TokenXExchangeKlient.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -59,13 +59,18 @@ private OidcTokenResponse hentToken(OpenIDToken token, String assertion, String

private static HttpRequest.BodyPublisher ofFormData(OpenIDToken token, String assertion, String audience) {
var formdata = "grant_type=urn:ietf:params:oauth:grant-type:token-exchange&"
+ "client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer&" + "client_assertion=" + assertion + "&"
+ "subject_token_type=urn:ietf:params:oauth:token-type:jwt&" + "subject_token=" + token.token() + "&" + "audience=" + audience;
+ "client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer&"
+ "client_assertion=" + assertion + "&"
+ "subject_token_type=urn:ietf:params:oauth:token-type:jwt&"
+ "subject_token=" + token.token() + "&"
+ "audience=" + audience;
return HttpRequest.BodyPublishers.ofString(formdata, UTF_8);
}

private static String audience(String scope) {
//Støtter bare ett scope
return scope.replaceFirst("api://", "").replace("/.default", "");
return scope
.replaceFirst("api://", "")
.replace("/.default", "")
.replace(".", ":");
}
}

0 comments on commit 492cd4e

Please sign in to comment.