fix: Losing AUD in GA4GH AT modifier

Audiences previously set in the token were lost as the current implementation just placed ClientID over it. The fix maintains set audiences

fix: Losing AUD in GA4GH AT modifier
a4656c67 · Dominik Frantisek Bucik · 948b33a3 · a4656c67
Verified Commit a4656c67 authored 1 year ago by Dominik Frantisek Bucik
--- a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/ga4gh/Ga4ghAccessTokenModifier.java
+++ b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/ga4gh/Ga4ghAccessTokenModifier.java
@@ -8,7 +8,10 @@ import lombok.extern.slf4j.Slf4j;
 import org.springframework.security.oauth2.common.OAuth2AccessToken;
 import org.springframework.security.oauth2.provider.OAuth2Authentication;

+import java.util.ArrayList;
+import java.util.Collection;
 import java.util.Collections;
+import java.util.HashSet;
 import java.util.Set;

 import static cz.muni.ics.oidc.server.ga4gh.Ga4ghApiClaimSource.GA4GH_SCOPE;
@@ -33,8 +36,15 @@ public class Ga4ghAccessTokenModifier implements PerunAccessTokenEnhancer.Access
 		Set<String> scopes = accessToken.getScope();
 		//GA4GH
 		if (scopes.contains(GA4GH_SCOPE)) {
+			Object originalAud = builder.getClaims().get("aud");
+			Set<String> newAud = new HashSet<>();
+			if (originalAud instanceof String) {
+				newAud.add((String) originalAud);
+			} else if (originalAud instanceof Collection) {
+				newAud.addAll((Collection<String>) originalAud);
+			}
 			log.debug("Adding claims required by GA4GH to access token");
-			builder.audience(Collections.singletonList(authentication.getOAuth2Request().getClientId()));
+			builder.audience(new ArrayList<>(newAud));
 		}
 	}