// return all claims from scopes + claims requested in the id_token
private void appendIdTokenClaims(
OAuth2Request request,
OAuth2ProviderSettings providerSettings,
OpenAMOpenIdConnectToken oidcToken)
throws ServerException, NotFoundException, InvalidClientException {
try {
AccessToken accessToken = request.getToken(AccessToken.class);
Map<String, Object> userInfo = providerSettings.getUserInfo(accessToken, request).getValues();
for (Map.Entry<String, Object> claim : userInfo.entrySet()) {
oidcToken.put(claim.getKey(), claim.getValue());
}
} catch (UnauthorizedClientException e) {
throw new InvalidClientException(e.getMessage());
}
}
// See spec section 5.5. - add claims to id_token based on 'claims' parameter in the access token
private void appendRequestedIdTokenClaims(
OAuth2Request request,
OAuth2ProviderSettings providerSettings,
OpenAMOpenIdConnectToken oidcToken)
throws ServerException, NotFoundException, InvalidClientException {
AccessToken accessToken = request.getToken(AccessToken.class);
String claims;
if (accessToken != null) {
claims = (String) accessToken.toMap().get(OAuth2Constants.Custom.CLAIMS);
} else {
claims = request.getParameter(OAuth2Constants.Custom.CLAIMS);
}
if (claims != null) {
try {
JSONObject claimsObject = new JSONObject(claims);
JSONObject idTokenClaimsRequest =
claimsObject.getJSONObject(OAuth2Constants.JWTTokenParams.ID_TOKEN);
Map<String, Object> userInfo =
providerSettings.getUserInfo(accessToken, request).getValues();
Iterator<String> it = idTokenClaimsRequest.keys();
while (it.hasNext()) {
String keyName = it.next();
if (userInfo.containsKey(keyName)) {
oidcToken.put(keyName, userInfo.get(keyName));
}
}
} catch (UnauthorizedClientException e) {
throw new InvalidClientException(e.getMessage());
} catch (JSONException e) {
// if claims object not found, fall through
}
}
}