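/**
 * Builds the OpenID Connect ID token for an access token request.
 *
 * <p>The issuer and the token lifetime are read from {@code OAuthServerConfiguration}.
 * The subject is the authorized user of the request, unless a subject claim is
 * configured; in that case the value of that claim is read from the user's user store.
 * Audience and authorized party are both set to the requesting client id, and the
 * configured custom claims callback handler may add further claims before the token
 * is built.
 *
 * <p>{@code iat} and {@code exp} are written as seconds since the epoch, which is what
 * OpenID Connect defines for these claims. The previous code narrowed the current time
 * in milliseconds to an {@code int}, which keeps only the low 32 bits and can yield a
 * negative or otherwise meaningless timestamp; relying parties use these values to
 * decide whether a token is still valid, so they must be correct.
 *
 * @param request      token request context; supplies the authorized user and client id
 * @param tokenRespDTO access token response; not read by this method
 * @return the ID token produced by {@code IDTokenBuilder}
 * @throws IdentityOAuth2Exception if the configured expiration is not a usable number,
 *                                 the subject claim cannot be read, or the token
 *                                 cannot be built
 */
public String buildIDToken(OAuthTokenReqMessageContext request,
                           OAuth2AccessTokenRespDTO tokenRespDTO) throws IdentityOAuth2Exception {

    OAuthServerConfiguration config = OAuthServerConfiguration.getInstance();
    String issuer = config.getOpenIDConnectIDTokenIssuerIdentifier();

    // The configured expiration is treated as seconds (the original multiplied it by 1000).
    int lifetime;
    try {
        lifetime = Integer.parseInt(config.getOpenIDConnectIDTokenExpiration());
    } catch (NumberFormatException e) {
        throw new IdentityOAuth2Exception("Invalid ID token expiration configured", e);
    }

    // Divide as long first, then narrow: seconds since the epoch fit in an int.
    int curTime = (int) (System.currentTimeMillis() / 1000L);

    // Add as long so an oversized lifetime cannot wrap around into a past expiry.
    long expiration = (long) curTime + lifetime;
    if (expiration > Integer.MAX_VALUE) {
        throw new IdentityOAuth2Exception("ID token expiration is out of range");
    }

    // setting subject
    String authorizedUser = request.getAuthorizedUser();
    String subject = authorizedUser;
    String claim = config.getOpenIDConnectIDTokenSubjectClaim();
    if (claim != null) {
        String tenantUser = MultitenantUtils.getTenantAwareUsername(authorizedUser);
        String domainName = MultitenantUtils.getTenantDomain(authorizedUser);
        try {
            subject = IdentityTenantUtil.getRealm(domainName, tenantUser)
                    .getUserStoreManager()
                    .getUserClaimValue(tenantUser, claim, null);
        } catch (Exception e) {
            throw new IdentityOAuth2Exception("Error while generating the IDToken", e);
        }
        // NOTE(review): the claim lookup may return null for a user without this claim,
        // which would produce a token without a usable subject - confirm how
        // IDTokenBuilder treats a null subject and reject the request here if needed.
    }

    if (DEBUG) {
        log.debug("Using issuer " + issuer);
        log.debug("Subject " + subject);
        log.debug("ID Token expiration seconds" + lifetime);
        log.debug("Current time " + curTime);
    }

    try {
        String clientId = request.getOauth2AccessTokenReqDTO().getClientId();
        IDTokenBuilder builder = new IDTokenBuilder()
                .setIssuer(issuer)
                .setSubject(subject)
                .setAudience(clientId)
                .setAuthorizedParty(clientId)
                .setExpiration((int) expiration)
                .setIssuedAt(curTime);

        // setting up custom claims
        CustomClaimsCallbackHandler claimsCallBackHandler =
                config.getOpenIDConnectCustomClaimsCallbackHandler();
        claimsCallBackHandler.handleCustomClaims(builder, request);

        return builder.buildIDToken();
    } catch (IDTokenException e) {
        throw new IdentityOAuth2Exception("Error while generating the IDToken", e);
    }
}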