diff --git a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/ga4gh/Ga4ghAccessTokenModifier.java b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/ga4gh/Ga4ghAccessTokenModifier.java index 563c0dae92f79da0155f2cc2488968d2e1112493..4b7f735af9e087ae7ca3c0f9d1d487927350225c 100644 --- a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/ga4gh/Ga4ghAccessTokenModifier.java +++ b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/ga4gh/Ga4ghAccessTokenModifier.java @@ -8,7 +8,10 @@ import lombok.extern.slf4j.Slf4j; import org.springframework.security.oauth2.common.OAuth2AccessToken; import org.springframework.security.oauth2.provider.OAuth2Authentication; +import java.util.ArrayList; +import java.util.Collection; import java.util.Collections; +import java.util.HashSet; import java.util.Set; import static cz.muni.ics.oidc.server.ga4gh.Ga4ghApiClaimSource.GA4GH_SCOPE; @@ -33,8 +36,15 @@ public class Ga4ghAccessTokenModifier implements PerunAccessTokenEnhancer.Access Set<String> scopes = accessToken.getScope(); //GA4GH if (scopes.contains(GA4GH_SCOPE)) { + Object originalAud = builder.getClaims().get("aud"); + Set<String> newAud = new HashSet<>(); + if (originalAud instanceof String) { + newAud.add((String) originalAud); + } else if (originalAud instanceof Collection) { + newAud.addAll((Collection<String>) originalAud); + } log.debug("Adding claims required by GA4GH to access token"); - builder.audience(Collections.singletonList(authentication.getOAuth2Request().getClientId())); + builder.audience(new ArrayList<>(newAud)); } }