/**
 * Fills in the {@code at_hash} and {@code nonce} claims of an ID token that is being
 * released together with the access token {@code st}.
 * <p>
 * {@code at_hash} is only computed when the token does not already carry one, and only
 * when the outbound signature algorithm is not {@code NONE}: the hash is derived from the
 * algorithm the ID token will be signed with, so an unsigned token has nothing to bind
 * the access token to. The nonce is taken from the current JAX-RS exchange when present,
 * otherwise from the nonce stored with the access token (if any).
 *
 * @param idToken the ID token to update in place
 * @param st      the access token whose key and nonce are bound into {@code idToken}
 */
private void setAtHashAndNonce(IdToken idToken, ServerAccessToken st) {
    if (idToken.getAccessTokenHash() == null) {
        Properties sigProps = JwsUtils.loadSignatureOutProperties(false);
        // Resolve the same algorithm the ID token will be signed with, since at_hash
        // is defined in terms of that algorithm's hash function.
        SignatureAlgorithm algo = super.isSignWithClientSecret()
            ? OAuthUtils.getClientSecretSignatureAlgorithm(sigProps)
            : JwsUtils.getSignatureAlgorithm(sigProps, SignatureAlgorithm.RS256);
        // alg=none: no hash function to derive at_hash from, so the claim is left unset.
        if (SignatureAlgorithm.NONE != algo) {
            idToken.setAccessTokenHash(OidcUtils.calculateAccessTokenHash(st.getTokenKey(), algo));
        }
    }
    Message current = JAXRSUtils.getCurrentMessage();
    // A nonce on the in-flight exchange takes precedence over one stored with the token.
    if (current != null && current.getExchange().containsKey(OAuthConstants.NONCE)) {
        idToken.setNonce((String) current.getExchange().get(OAuthConstants.NONCE));
        return;
    }
    if (st.getNonce() != null) {
        idToken.setNonce(st.getNonce());
    }
}
/**
 * Produces the serialized ID token to be returned alongside the access token {@code st}.
 * <p>
 * Resolution order: a configured {@code userInfoProvider} builds the token from the
 * client id, subject and scopes; otherwise a pre-serialized token stored under
 * {@link OidcUtils#ID_TOKEN} in the subject properties is returned as-is; otherwise, for
 * an {@link OidcUserSubject}, its ID token is copied and re-bound to the requesting
 * client ({@code aud} and {@code azp}) before signing. In the first and last cases
 * {@code at_hash} and {@code nonce} are filled in via
 * {@link #setAtHashAndNonce(IdToken, ServerAccessToken)}.
 *
 * @param st the access token being issued
 * @return the processed (signed/encrypted) ID token, or {@code null} if no ID token
 *         can be derived for this subject
 */
private String getProcessedIdToken(ServerAccessToken st) {
    if (userInfoProvider != null) {
        // The provider supplies the claims; only at_hash and nonce are added here.
        IdToken fresh = userInfoProvider.getIdToken(
            st.getClient().getClientId(), st.getSubject(), st.getScopes());
        setAtHashAndNonce(fresh, st);
        return super.processJwt(new JwtToken(fresh), st.getClient());
    }
    if (st.getSubject().getProperties().containsKey(OidcUtils.ID_TOKEN)) {
        // An already-serialized token is released without further processing.
        return st.getSubject().getProperties().get(OidcUtils.ID_TOKEN);
    }
    if (!(st.getSubject() instanceof OidcUserSubject)) {
        return null;
    }
    OidcUserSubject oidcSubject = (OidcUserSubject) st.getSubject();
    IdToken copy = new IdToken(oidcSubject.getIdToken());
    // Re-bind the token to the client this access token was issued for.
    copy.setAudience(st.getClient().getClientId());
    copy.setAuthorizedParty(st.getClient().getClientId());
    // if this token was refreshed then the cloned IDToken might need to have its
    // issuedAt and expiry time properties adjusted if it proves to be necessary
    setAtHashAndNonce(copy, st);
    return super.processJwt(new JwtToken(copy), st.getClient());
}