// return all claims from scopes + claims requested in the id_token private void appendIdTokenClaims( OAuth2Request request, OAuth2ProviderSettings providerSettings, OpenAMOpenIdConnectToken oidcToken) throws ServerException, NotFoundException, InvalidClientException { try { AccessToken accessToken = request.getToken(AccessToken.class); Map<String, Object> userInfo = providerSettings.getUserInfo(accessToken, request).getValues(); for (Map.Entry<String, Object> claim : userInfo.entrySet()) { oidcToken.put(claim.getKey(), claim.getValue()); } } catch (UnauthorizedClientException e) { throw new InvalidClientException(e.getMessage()); } }
// See spec section 5.5. - add claims to id_token based on 'claims' parameter in the access token private void appendRequestedIdTokenClaims( OAuth2Request request, OAuth2ProviderSettings providerSettings, OpenAMOpenIdConnectToken oidcToken) throws ServerException, NotFoundException, InvalidClientException { AccessToken accessToken = request.getToken(AccessToken.class); String claims; if (accessToken != null) { claims = (String) accessToken.toMap().get(OAuth2Constants.Custom.CLAIMS); } else { claims = request.getParameter(OAuth2Constants.Custom.CLAIMS); } if (claims != null) { try { JSONObject claimsObject = new JSONObject(claims); JSONObject idTokenClaimsRequest = claimsObject.getJSONObject(OAuth2Constants.JWTTokenParams.ID_TOKEN); Map<String, Object> userInfo = providerSettings.getUserInfo(accessToken, request).getValues(); Iterator<String> it = idTokenClaimsRequest.keys(); while (it.hasNext()) { String keyName = it.next(); if (userInfo.containsKey(keyName)) { oidcToken.put(keyName, userInfo.get(keyName)); } } } catch (UnauthorizedClientException e) { throw new InvalidClientException(e.getMessage()); } catch (JSONException e) { // if claims object not found, fall through } } }