From f5ceb77ea7ca0f14e10d9aed9fa528deedcb4952 Mon Sep 17 00:00:00 2001 From: Stephan Richter Date: Sun, 20 Oct 2024 17:36:15 +0200 Subject: [PATCH] bugfix: removed duplicate protocol Signed-off-by: Stephan Richter --- .../src/main/java/de/srsoftware/oidc/app/Application.java | 2 +- .../java/de/srsoftware/oidc/backend/TokenController.java | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/de.srsoftware.oidc.app/src/main/java/de/srsoftware/oidc/app/Application.java b/de.srsoftware.oidc.app/src/main/java/de/srsoftware/oidc/app/Application.java index a163862..9917a41 100644 --- a/de.srsoftware.oidc.app/src/main/java/de/srsoftware/oidc/app/Application.java +++ b/de.srsoftware.oidc.app/src/main/java/de/srsoftware/oidc/app/Application.java @@ -78,7 +78,7 @@ public class Application { new Forward(INDEX).bindPath(ROOT).on(server); new WellKnownController().bindPath(WELL_KNOWN, "/realms/oidc" + WELL_KNOWN).on(server); new UserController(mailConfig, sessionService, userService, staticPages).bindPath(API_USER).on(server); - var tokenControllerConfig = new TokenController.Configuration( 10); + var tokenControllerConfig = new TokenController.Configuration(10); new TokenController(authService, clientService, keyManager, userService, tokenControllerConfig).bindPath(API_TOKEN).on(server); new ClientController(authService, clientService, sessionService, userService).bindPath(API_CLIENT).on(server); new KeyStoreController(keyStore).bindPath(JWKS).on(server); diff --git a/de.srsoftware.oidc.backend/src/main/java/de/srsoftware/oidc/backend/TokenController.java b/de.srsoftware.oidc.backend/src/main/java/de/srsoftware/oidc/backend/TokenController.java index f9da058..46d0c32 100644 --- a/de.srsoftware.oidc.backend/src/main/java/de/srsoftware/oidc/backend/TokenController.java +++ b/de.srsoftware.oidc.backend/src/main/java/de/srsoftware/oidc/backend/TokenController.java @@ -115,7 +115,7 @@ public class TokenController extends PathHandler { var user = optUser.get(); var accessToken = users.accessToken(user); - var issuer = "https://"+hostname(ex); + var issuer = hostname(ex); String jwToken = createJWT(client, user, accessToken, issuer); ex.getResponseHeaders().add("Cache-Control", "no-store"); JSONObject response = new JSONObject(); @@ -173,8 +173,8 @@ public class TokenController extends PathHandler { JwtClaims claims = new JwtClaims(); // required claims: - claims.setIssuer(issuer); // who creates the token and signs it - claims.setSubject(user.uuid()); // the subject/principal is whom the token is about + claims.setIssuer(issuer); // who creates the token and signs it + claims.setSubject(user.uuid()); // the subject/principal is whom the token is about claims.setAudience(client.id()); claims.setExpirationTimeMinutesInTheFuture(config.tokenExpirationMinutes); // time when the token will expire (10 minutes from now) claims.setIssuedAtToNow();