private String getProcessedIdToken(ServerAccessToken st) { if (userInfoProvider != null) { IdToken idToken = userInfoProvider.getIdToken( st.getClient().getClientId(), st.getSubject(), st.getScopes()); setAtHashAndNonce(idToken, st); return super.processJwt(new JwtToken(idToken), st.getClient()); } else if (st.getSubject().getProperties().containsKey(OidcUtils.ID_TOKEN)) { return st.getSubject().getProperties().get(OidcUtils.ID_TOKEN); } else if (st.getSubject() instanceof OidcUserSubject) { OidcUserSubject sub = (OidcUserSubject) st.getSubject(); IdToken idToken = new IdToken(sub.getIdToken()); idToken.setAudience(st.getClient().getClientId()); idToken.setAuthorizedParty(st.getClient().getClientId()); // if this token was refreshed then the cloned IDToken might need to have its // issuedAt and expiry time properties adjusted if it proves to be necessary setAtHashAndNonce(idToken, st); return super.processJwt(new JwtToken(idToken), st.getClient()); } else { return null; } }