#IAEWN7 well-known/openid-configuration 接口 返回的response_types_supported问题

shimingxy 2024-10-31 11:42:53 +08:00
parent e269efd5de
commit 6be5bc0d0f
3 changed files with 17 additions and 6 deletions


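--- a/<path not shown>/OauthAuthorizationServerEndpoint.java
+++ b/<path not shown>/OauthAuthorizationServerEndpoint.java
@@ -185,6 +185,7 @@ public class OauthAuthorizationServerEndpoint extends AbstractEndpoint {
 oauthConfig.setIssuer(baseUrl + "/maxkey");
 Set<String> response_types_supported = new HashSet<String>();
 response_types_supported.add("code");
+response_types_supported.add("authorization_code");
 response_types_supported.add("code id_token");
 response_types_supported.add("id_token");
 oauthConfig.setResponse_types_supported(response_types_supported);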
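Review bot: The value added by `response_types_supported.add("authorization_code");` is an OAuth 2.0 grant_type, not a response_type: OpenID Connect Discovery 1.0 and RFC 8414 define response_types_supported as the response_type values the authorization endpoint accepts ("code", "id_token", "code id_token", ...) and carry grant types in the separate grant_types_supported field. A relying party that validates the discovery document, or picks a response_type from this list when building its authorization request, can reject or misuse the extra entry. If the config object has a grant_types_supported setter, "authorization_code" belongs there; otherwise the line should be dropped rather than published under response_types_supported. The second hunk of the OpenidConfigurationEndpoint section adds the same line and has the same problem; the enclosing method starts and ends outside this hunk.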


@ -98,7 +98,11 @@ public class OpenidConfigurationEndpoint extends AbstractEndpoint {
openidConfig.setIntrospection_endpoint_auth_methods_supported(introspection_endpoint_auth_methods_supported); openidConfig.setIntrospection_endpoint_auth_methods_supported(introspection_endpoint_auth_methods_supported);
openidConfig.setIssuer(clientDetails.getIssuer()); openidConfig.setIssuer(clientDetails.getIssuer());
openidConfig.setResponse_types_supported(clientDetails.getAuthorizedGrantTypes()); Set<String> response_types_supported =clientDetails.getAuthorizedGrantTypes();
if(response_types_supported.contains("authorization_code")) {
response_types_supported.add("code");
}
openidConfig.setResponse_types_supported(response_types_supported);
Set<String> response_modes_supported = new HashSet<String>(); Set<String> response_modes_supported = new HashSet<String>();
response_modes_supported.add("query"); response_modes_supported.add("query");
@ -176,6 +180,7 @@ public class OpenidConfigurationEndpoint extends AbstractEndpoint {
openidConfig.setIssuer(baseUrl + "/maxkey"); openidConfig.setIssuer(baseUrl + "/maxkey");
Set<String> response_types_supported = new HashSet<String>(); Set<String> response_types_supported = new HashSet<String>();
response_types_supported.add("code"); response_types_supported.add("code");
response_types_supported.add("authorization_code");
response_types_supported.add("code id_token"); response_types_supported.add("code id_token");
response_types_supported.add("id_token"); response_types_supported.add("id_token");
openidConfig.setResponse_types_supported(response_types_supported); openidConfig.setResponse_types_supported(response_types_supported);
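Review bot: In the first hunk (-98,7) the new code aliases the client's own grant-type collection: `Set<String> response_types_supported =clientDetails.getAuthorizedGrantTypes();` followed by `response_types_supported.add("code");` inserts "code" into whatever set the getter returns, so if that is the live set backing the client's authorized grant types (not visible here) a discovery request silently widens the client's configured grant types, and if it is an unmodifiable view the add throws UnsupportedOperationException. Copying first avoids both: `Set<String> response_types_supported = new HashSet<String>(clientDetails.getAuthorizedGrantTypes());`. A null return from the getter would also fail at the contains call, so a null guard is worth adding if a client record can lack grant types. The enclosing method starts and ends outside the hunk.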


@ -86,11 +86,12 @@ public class OIDCIdTokenEnhancer implements TokenEnhancer {
DefaultJwtSigningAndValidationService jwtSignerService = null; DefaultJwtSigningAndValidationService jwtSignerService = null;
JWSAlgorithm signingAlg = null; JWSAlgorithm signingAlg = null;
String signerKeyId = clientDetails.getClientId() + "_sig";
try {//jwtSignerService try {//jwtSignerService
if (StringUtils.isNotBlank(clientDetails.getSignature()) && !clientDetails.getSignature().equalsIgnoreCase("none")) { if (StringUtils.isNotBlank(clientDetails.getSignature()) && !clientDetails.getSignature().equalsIgnoreCase("none")) {
jwtSignerService = new DefaultJwtSigningAndValidationService( jwtSignerService = new DefaultJwtSigningAndValidationService(
clientDetails.getSignatureKey(), clientDetails.getSignatureKey(),
clientDetails.getClientId() + "_sig", signerKeyId,
clientDetails.getSignature() clientDetails.getSignature()
); );
@ -117,7 +118,7 @@ public class OIDCIdTokenEnhancer implements TokenEnhancer {
&& jwtSignerService != null && jwtSignerService != null
&& clientDetails.getIssuer().equalsIgnoreCase("https://self-issued.me") && clientDetails.getIssuer().equalsIgnoreCase("https://self-issued.me")
){ ){
builder.claim("sub_jwk", jwtSignerService.getAllPublicKeys().get(jwtSignerService.getDefaultSignerKeyId())); builder.claim("sub_jwk", jwtSignerService.getAllPublicKeys().get(signerKeyId));
} }
// if the auth time claim was explicitly requested OR if the client always wants the auth time, put it in // if the auth time claim was explicitly requested OR if the client always wants the auth time, put it in
@ -133,6 +134,7 @@ public class OIDCIdTokenEnhancer implements TokenEnhancer {
if (!Strings.isNullOrEmpty(nonce)) { if (!Strings.isNullOrEmpty(nonce)) {
builder.claim("nonce", nonce); builder.claim("nonce", nonce);
} }
//add at_hash
if(jwtSignerService != null) { if(jwtSignerService != null) {
SignedJWT signed = new SignedJWT(new JWSHeader(signingAlg), builder.build()); SignedJWT signed = new SignedJWT(new JWSHeader(signingAlg), builder.build());
Set<String> responseTypes = request.getResponseTypes(); Set<String> responseTypes = request.getResponseTypes();
@ -148,9 +150,10 @@ public class OIDCIdTokenEnhancer implements TokenEnhancer {
if (StringUtils.isNotBlank(clientDetails.getSignature()) if (StringUtils.isNotBlank(clientDetails.getSignature())
&& !clientDetails.getSignature().equalsIgnoreCase("none")) { && !clientDetails.getSignature().equalsIgnoreCase("none")) {
try { try {
builder.claim("kid", jwtSignerService.getDefaultSignerKeyId()); builder.claim("kid", signerKeyId);
// signed ID token // signed ID token
JWT idToken = new SignedJWT(new JWSHeader(signingAlg), builder.build()); JWSHeader jwsHeader = new JWSHeader.Builder(signingAlg).keyID(signerKeyId).build();
JWT idToken = new SignedJWT(jwsHeader, builder.build());
// sign it with the server's key // sign it with the server's key
jwtSignerService.signJwt((SignedJWT) idToken); jwtSignerService.signJwt((SignedJWT) idToken);
idTokenString = idToken.serialize(); idTokenString = idToken.serialize();
@ -161,10 +164,11 @@ public class OIDCIdTokenEnhancer implements TokenEnhancer {
}else if (StringUtils.isNotBlank(clientDetails.getAlgorithm()) }else if (StringUtils.isNotBlank(clientDetails.getAlgorithm())
&& !clientDetails.getAlgorithm().equalsIgnoreCase("none")) { && !clientDetails.getAlgorithm().equalsIgnoreCase("none")) {
try { try {
String encryptionKeyId = clientDetails.getClientId() + "_enc";
DefaultJwtEncryptionAndDecryptionService jwtEncryptionService = DefaultJwtEncryptionAndDecryptionService jwtEncryptionService =
new DefaultJwtEncryptionAndDecryptionService( new DefaultJwtEncryptionAndDecryptionService(
clientDetails.getAlgorithmKey(), clientDetails.getAlgorithmKey(),
clientDetails.getClientId() + "_enc", encryptionKeyId,
clientDetails.getAlgorithm() clientDetails.getAlgorithm()
); );
Payload payload = builder.build().toPayload(); Payload payload = builder.build().toPayload();
@ -177,6 +181,7 @@ public class OIDCIdTokenEnhancer implements TokenEnhancer {
JWEObject jweObject = new JWEObject( JWEObject jweObject = new JWEObject(
new JWEHeader.Builder(jweHeader) new JWEHeader.Builder(jweHeader)
.contentType("JWT") // required to indicate nested JWT .contentType("JWT") // required to indicate nested JWT
.keyID(encryptionKeyId)
.build(), .build(),
payload); payload);