From a4656c6757ee06ab75f9a1185520f208dd158637 Mon Sep 17 00:00:00 2001
From: Dominik Frantisek Bucik <bucik@ics.muni.cz>
Date: Thu, 30 May 2024 13:54:01 +0200
Subject: [PATCH] =?UTF-8?q?fix:=20=F0=9F=90=9B=20Losing=20AUD=20in=20GA4GH?= =?UTF-8?q?=20AT=20modifier?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Audiences previously set in the token were lost as the current implementation just placed ClientID over it. The fix maintains set audiences
---
 .../oidc/server/ga4gh/Ga4ghAccessTokenModifier.java | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/ga4gh/Ga4ghAccessTokenModifier.java b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/ga4gh/Ga4ghAccessTokenModifier.java
index 563c0dae9..4b7f735af 100644
--- a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/ga4gh/Ga4ghAccessTokenModifier.java
+++ b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/ga4gh/Ga4ghAccessTokenModifier.java
@@ -8,7 +8,10 @@
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.security.oauth2.common.OAuth2AccessToken;
 import org.springframework.security.oauth2.provider.OAuth2Authentication;
+import java.util.ArrayList;
+import java.util.Collection;
 import java.util.Collections;
+import java.util.HashSet;
 import java.util.Set;
 
 import static cz.muni.ics.oidc.server.ga4gh.Ga4ghApiClaimSource.GA4GH_SCOPE;
@@ -33,8 +36,15 @@ public class Ga4ghAccessTokenModifier implements PerunAccessTokenEnhancer.Access
 Set<String> scopes = accessToken.getScope();
 //GA4GH
 if (scopes.contains(GA4GH_SCOPE)) {
+ Object originalAud = builder.getClaims().get("aud");
+ Set<String> newAud = new HashSet<>();
+ if (originalAud instanceof String) {
+ newAud.add((String) originalAud);
+ } else if (originalAud instanceof Collection) {
+ newAud.addAll((Collection<String>) originalAud);
+ }
 log.debug("Adding claims required by GA4GH to access token");
- builder.audience(Collections.singletonList(authentication.getOAuth2Request().getClientId()));
+ builder.audience(new ArrayList<>(newAud));
 }
 }
-- 
GitLab
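Review bot: The client id that the removed `builder.audience(Collections.singletonList(...getClientId()))` line used to set is no longer added anywhere in the new code, and when no `aud` claim was set beforehand both `instanceof` branches are skipped, so `builder.audience(new ArrayList<>(newAud))` presumably writes an empty audience; either way the token can leave without the client it was issued to, which audience-validating resource servers will reject and others will silently accept. If the intent is to keep the client id alongside the preserved audiences, add `newAud.add(authentication.getOAuth2Request().getClientId());` before the builder call; if dropping it is deliberate, at least skip the call when `newAud` is empty rather than overwrite the claim with an empty list. The `(Collection<String>) originalAud` cast is unchecked and throws `ClassCastException` later if the stored claim holds non-String elements; iterating the collection and adding `String.valueOf(e)` avoids both, and a `LinkedHashSet` would keep the original audience order that `HashSet` discards. With `Collections.singletonList` gone, `import java.util.Collections;` in the first hunk looks unused unless it is referenced outside the diff. The enclosing method starts before this hunk.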