Using azp field (if present) also in logout

2020-06-30 13:57:41 +02:00 · 2020-06-30 13:57:41 +02:00 · 9aafc0d289
parent d6362f0cb5
commit 9aafc0d289
1 changed files with 21 additions and 13 deletions
--- a/src/main/java/org/gcube/oidc/rest/OpenIdConnectRESTHelper.java
+++ b/src/main/java/org/gcube/oidc/rest/OpenIdConnectRESTHelper.java
@ -115,10 +115,12 @@ public class OpenIdConnectRESTHelper {
            con.setRequestProperty("Authorization", authorization);
        }
        OutputStream os = con.getOutputStream();
+
+        String queryString = mapToQueryString(params);
        if (logger.isDebugEnabled()) {
-            logger.debug("Sending parameters: " + params);
+            logger.debug("Parameters query string is: " + queryString);
        }
-        os.write(mapToQueryString(params).getBytes("UTF-8"));
+        os.write(queryString.getBytes("UTF-8"));
        os.close();
        return con;
    }
@ -156,16 +158,7 @@ public class OpenIdConnectRESTHelper {
        Map<String, List<String>> params = new HashMap<>();
        params.put("grant_type", Arrays.asList("refresh_token"));
        if (clientId == null) {
-            if (logger.isDebugEnabled()) {
-                logger.debug("Client id not provided, using authorized party field (azp)");
-            }
-            clientId = token.getAzp();
-            if (clientId == null) {
-                if (logger.isDebugEnabled()) {
-                    logger.debug("Authorized party field (azp) not present, getting one of the audience field (aud)");
-                }
-                clientId = getFirstAudienceNoAccount(token);
-            }
+            clientId = getClientIdFromToken(token);
        }
        params.put("client_id", Arrays.asList(URLEncoder.encode(clientId, "UTF-8")));
        if (clientSecret != null) {
@ -175,6 +168,21 @@ public class OpenIdConnectRESTHelper {
        return performQueryTokenWithPOST(tokenURL, null, params);
    }

+    protected static String getClientIdFromToken(JWTToken token) {
+        String clientId;
+        if (logger.isDebugEnabled()) {
+            logger.debug("Client id not provided, using authorized party field (azp)");
+        }
+        clientId = token.getAzp();
+        if (clientId == null) {
+            if (logger.isDebugEnabled()) {
+                logger.debug("Authorized party field (azp) not present, getting one of the audience field (aud)");
+            }
+            clientId = getFirstAudienceNoAccount(token);
+        }
+        return clientId;
+    }
+
    private static String getFirstAudienceNoAccount(JWTToken token) {
        // Trying to get it from the token's audience ('aud' field), getting the first except the 'account'
        List<String> tokenAud = token.getAud();
@ -194,7 +202,7 @@ public class OpenIdConnectRESTHelper {
    public static boolean logout(URL logoutUrl, String clientId, JWTToken token) throws IOException {
        Map<String, List<String>> params = new HashMap<>();
        if (clientId == null) {
-            clientId = getFirstAudienceNoAccount(token);
+            clientId = getClientIdFromToken(token);
        }
        params.put("client_id", Arrays.asList(URLEncoder.encode(clientId, "UTF-8")));
        params.put("refresh_token", Arrays.asList(token.getRefreshTokenString()));