Using azp field (if present) also in logout

2020-06-30 13:57:41 +02:00 · 2020-06-30 13:57:41 +02:00 · 9aafc0d289
parent d6362f0cb5
commit 9aafc0d289
1 changed files with 21 additions and 13 deletions
--- a/src/main/java/org/gcube/oidc/rest/OpenIdConnectRESTHelper.java
+++ b/src/main/java/org/gcube/oidc/rest/OpenIdConnectRESTHelper.java
@ -115,10 +115,12 @@ public class OpenIdConnectRESTHelper {
            con.setRequestProperty("Authorization", authorization);
        }
        OutputStream os = con.getOutputStream();
+
+        String queryString = mapToQueryString(params);
        if (logger.isDebugEnabled()) {
-            logger.debug("Sending parameters: " + params);
+            logger.debug("Parameters query string is: " + queryString);
        }
-        os.write(mapToQueryString(params).getBytes("UTF-8"));
+        os.write(queryString.getBytes("UTF-8"));
        os.close();
        return con;
    }
@ -156,6 +158,18 @@ public class OpenIdConnectRESTHelper {
        Map<String, List<String>> params = new HashMap<>();
        params.put("grant_type", Arrays.asList("refresh_token"));
        if (clientId == null) {
+            clientId = getClientIdFromToken(token);
+        }
+        params.put("client_id", Arrays.asList(URLEncoder.encode(clientId, "UTF-8")));
+        if (clientSecret != null) {
+            params.put("client_secret", Arrays.asList(URLEncoder.encode(clientSecret, "UTF-8")));
+        }
+        params.put("refresh_token", Arrays.asList(token.getRefreshTokenString()));
+        return performQueryTokenWithPOST(tokenURL, null, params);
+    }
+
+    protected static String getClientIdFromToken(JWTToken token) {
+        String clientId;
        if (logger.isDebugEnabled()) {
            logger.debug("Client id not provided, using authorized party field (azp)");
        }
@ -166,13 +180,7 @@ public class OpenIdConnectRESTHelper {
            }
            clientId = getFirstAudienceNoAccount(token);
        }
-        }
-        params.put("client_id", Arrays.asList(URLEncoder.encode(clientId, "UTF-8")));
-        if (clientSecret != null) {
-            params.put("client_secret", Arrays.asList(URLEncoder.encode(clientSecret, "UTF-8")));
-        }
-        params.put("refresh_token", Arrays.asList(token.getRefreshTokenString()));
-        return performQueryTokenWithPOST(tokenURL, null, params);
+        return clientId;
    }

    private static String getFirstAudienceNoAccount(JWTToken token) {
@ -194,7 +202,7 @@ public class OpenIdConnectRESTHelper {
    public static boolean logout(URL logoutUrl, String clientId, JWTToken token) throws IOException {
        Map<String, List<String>> params = new HashMap<>();
        if (clientId == null) {
-            clientId = getFirstAudienceNoAccount(token);
+            clientId = getClientIdFromToken(token);
        }
        params.put("client_id", Arrays.asList(URLEncoder.encode(clientId, "UTF-8")));
        params.put("refresh_token", Arrays.asList(token.getRefreshTokenString()));