From cb05b4a63b4e4a9ce42372605bb695d81a321ab2 Mon Sep 17 00:00:00 2001
From: Mauro Mugnaini
Date: Tue, 30 Jun 2020 12:47:30 +0200
Subject: [PATCH] Authorized party field is used first refresshing the token if clientId is not provided
---
 .../org/gcube/oidc/rest/OpenIdConnectRESTHelper.java | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/src/main/java/org/gcube/oidc/rest/OpenIdConnectRESTHelper.java b/src/main/java/org/gcube/oidc/rest/OpenIdConnectRESTHelper.java
index b220716..3d79b71 100644
--- a/src/main/java/org/gcube/oidc/rest/OpenIdConnectRESTHelper.java
+++ b/src/main/java/org/gcube/oidc/rest/OpenIdConnectRESTHelper.java
@@ -156,7 +156,16 @@ public class OpenIdConnectRESTHelper {
 Map> params = new HashMap<>();
 params.put("grant_type", Arrays.asList("refresh_token"));
 if (clientId == null) {
- clientId = getFirstAudienceNoAccount(token);
+ if (logger.isDebugEnabled()) {
+ logger.debug("Client id not provided, using authorized party field (azp)");
+ }
+ clientId = token.getAzp();
+ if (clientId == null) {
+ if (logger.isDebugEnabled()) {
+ logger.debug("Authorized party field (azp) not present, getting one of the audience field (aud)");
+ }
+ clientId = getFirstAudienceNoAccount(token);
+ }
 }
 params.put("client_id", Arrays.asList(URLEncoder.encode(clientId, "UTF-8")));
 if (clientSecret != null) {
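Review bot: After the new azp-then-aud fallback, `clientId` can still reach `URLEncoder.encode(clientId, "UTF-8")` as null if `getFirstAudienceNoAccount(token)` returns null (its body is not in the hunk), and that call then fails with a bare NullPointerException instead of a clear error. The `azp` check also tests only for null, so an empty `azp` claim would be sent as `client_id` rather than falling back to `aud`; consider `if (clientId == null || clientId.isEmpty()) {` for the inner test. Because the value is taken from the token's own claims, an explicit failure after the fallback, such as `if (clientId == null) throw new IllegalArgumentException("Token carries neither azp nor a usable aud for client_id");`, makes a malformed or unexpected token visible at this point rather than deeper in the request. The `logger.isDebugEnabled()` guards wrap constant strings and could be dropped. The enclosing method starts and ends outside the hunk.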