private String getProcessedIdToken(ServerAccessToken st) {
if (userInfoProvider != null) {
IdToken idToken =
userInfoProvider.getIdToken(
st.getClient().getClientId(), st.getSubject(), st.getScopes());
setAtHashAndNonce(idToken, st);
return super.processJwt(new JwtToken(idToken), st.getClient());
} else if (st.getSubject().getProperties().containsKey(OidcUtils.ID_TOKEN)) {
return st.getSubject().getProperties().get(OidcUtils.ID_TOKEN);
} else if (st.getSubject() instanceof OidcUserSubject) {
OidcUserSubject sub = (OidcUserSubject) st.getSubject();
IdToken idToken = new IdToken(sub.getIdToken());
idToken.setAudience(st.getClient().getClientId());
idToken.setAuthorizedParty(st.getClient().getClientId());
// if this token was refreshed then the cloned IDToken might need to have its
// issuedAt and expiry time properties adjusted if it proves to be necessary
setAtHashAndNonce(idToken, st);
return super.processJwt(new JwtToken(idToken), st.getClient());
} else {
return null;
}
}
