diff --git a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/ga4gh/Ga4ghAccessTokenModifier.java b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/ga4gh/Ga4ghAccessTokenModifier.java
index 563c0dae92f79da0155f2cc2488968d2e1112493..6f22c86c0cef70ceb3713e4ca933938992318b50 100644
--- a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/ga4gh/Ga4ghAccessTokenModifier.java
+++ b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/ga4gh/Ga4ghAccessTokenModifier.java
@@ -1,6 +1,7 @@
 package cz.muni.ics.oidc.server.ga4gh;
 import com.nimbusds.jwt.JWTClaimsSet;
+import cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity;
 import cz.muni.ics.oidc.server.PerunAccessTokenEnhancer;
 import cz.muni.ics.openid.connect.model.UserInfo;
 import lombok.NoArgsConstructor;
@@ -8,7 +9,10 @@ import lombok.extern.slf4j.Slf4j;
 import org.springframework.security.oauth2.common.OAuth2AccessToken;
 import org.springframework.security.oauth2.provider.OAuth2Authentication;
+import java.util.ArrayList;
+import java.util.Collection;
 import java.util.Collections;
+import java.util.HashSet;
 import java.util.Set;
 import static cz.muni.ics.oidc.server.ga4gh.Ga4ghApiClaimSource.GA4GH_SCOPE;
@@ -33,8 +37,15 @@ public class Ga4ghAccessTokenModifier implements PerunAccessTokenEnhancer.Access
 Set<String> scopes = accessToken.getScope();
 //GA4GH
 if (scopes.contains(GA4GH_SCOPE)) {
+ Object originalAud = builder.getClaims().get("aud");
+ Set<String> newAud = new HashSet<>();
+ if (originalAud instanceof String) {
+ newAud.add((String) originalAud);
+ } else if (originalAud instanceof Collection) {
+ newAud.addAll((Collection<String>) originalAud);
+ }
 log.debug("Adding claims required by GA4GH to access token");
- builder.audience(Collections.singletonList(authentication.getOAuth2Request().getClientId()));
+ builder.audience(new ArrayList<>(newAud));
 }
 }
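Review bot: In the GA4GH branch, `newAud` stays empty when the builder has no `aud` claim yet (or the claim is neither a String nor a Collection), yet `builder.audience(new ArrayList<>(newAud))` is still called, so the token can be issued with an empty audience where the removed line always bound it to the client ID. A token without an audience is either refused by resource servers that validate `aud` or usable at any that do not, so guard the write, e.g. `if (!newAud.isEmpty()) { builder.audience(new ArrayList<>(newAud)); }`, or fall back to `authentication.getOAuth2Request().getClientId()` when nothing was collected. The cast `(Collection<String>) originalAud` is unchecked, so a non-String element would only surface later as a ClassCastException; copying elements behind an `instanceof String` check avoids that, and a `LinkedHashSet` would keep the audience order stable. The enclosing method starts before this hunk, and whether the newly imported `OAuth2AccessTokenEntity` is used cannot be seen from the visible lines.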