libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions

Merge pull request #2017 from mposolda/master

Browse source 
KEYCLOAK-2270 Use sub instead of iss for clientId in JWTClientAuthent…
This commit is contained in:
Stian Thorgersen 2016-01-13 11:10:09 +01:00
commit ddb41e2c58
2 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
integration/adapter-core/src/main/java/org/keycloak/adapters/authentication/JWTClientCredentialsProvider.java
View file

@ -107,6 +107,7 @@ public class JWTClientCredentialsProvider implements ClientCredentialsProvider {
JsonWebToken reqToken = new JsonWebToken();
reqToken.id(AdapterUtils.generateId());
reqToken.issuer(clientId);
reqToken.subject(clientId);
reqToken.audience(realmInfoUrl);
int now = Time.currentTime();

2
services/src/main/java/org/keycloak/authentication/authenticators/client/JWTClientAuthenticator.java
View file

@ -77,7 +77,7 @@ public class JWTClientAuthenticator extends AbstractClientAuthenticator {
JsonWebToken token = jws.readJsonContent(JsonWebToken.class);
RealmModel realm = context.getRealm();
String clientId = token.getIssuer();
String clientId = token.getSubject();
if (clientId == null) {
throw new RuntimeException("Can't identify client. Issuer missing on JWT token");
}