KEYCLOAK-2270 Use sub instead of iss for clientId in JWTClientAuthenticator

2016-01-13 10:12:11 +01:00 · 2016-01-13 10:12:11 +01:00 · 4642876323
commit 4642876323
parent 75d715d8a7
2 changed files with 2 additions and 1 deletions
--- a/integration/adapter-core/src/main/java/org/keycloak/adapters/authentication/JWTClientCredentialsProvider.java
+++ b/integration/adapter-core/src/main/java/org/keycloak/adapters/authentication/JWTClientCredentialsProvider.java
@ -107,6 +107,7 @@ public class JWTClientCredentialsProvider implements ClientCredentialsProvider {
        JsonWebToken reqToken = new JsonWebToken();
        reqToken.id(AdapterUtils.generateId());
        reqToken.issuer(clientId);
        reqToken.subject(clientId);
        reqToken.audience(realmInfoUrl);
        int now = Time.currentTime();
--- a/services/src/main/java/org/keycloak/authentication/authenticators/client/JWTClientAuthenticator.java
+++ b/services/src/main/java/org/keycloak/authentication/authenticators/client/JWTClientAuthenticator.java
@ -77,7 +77,7 @@ public class JWTClientAuthenticator extends AbstractClientAuthenticator {
            JsonWebToken token = jws.readJsonContent(JsonWebToken.class);
            RealmModel realm = context.getRealm();
-            String clientId = token.getIssuer();
+            String clientId = token.getSubject();
            if (clientId == null) {
                throw new RuntimeException("Can't identify client. Issuer missing on JWT token");
            }