Authorized party field is used first when refreshing the token if clientId is not provided

Mauro Mugnaini 2020-06-30 12:47:30 +02:00
parent c8e2a30489
commit cb05b4a63b
1 changed files with 10 additions and 1 deletions


@ -156,7 +156,16 @@ public class OpenIdConnectRESTHelper {
Map<String, List<String>> params = new HashMap<>(); Map<String, List<String>> params = new HashMap<>();
params.put("grant_type", Arrays.asList("refresh_token")); params.put("grant_type", Arrays.asList("refresh_token"));
if (clientId == null) { if (clientId == null) {
clientId = getFirstAudienceNoAccount(token); if (logger.isDebugEnabled()) {
logger.debug("Client id not provided, using authorized party field (azp)");
}
clientId = token.getAzp();
if (clientId == null) {
if (logger.isDebugEnabled()) {
logger.debug("Authorized party field (azp) not present, getting one of the audience field (aud)");
}
clientId = getFirstAudienceNoAccount(token);
}
} }
params.put("client_id", Arrays.asList(URLEncoder.encode(clientId, "UTF-8"))); params.put("client_id", Arrays.asList(URLEncoder.encode(clientId, "UTF-8")));
if (clientSecret != null) { if (clientSecret != null) {
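Review bot: After the new `azp` lookup and the `aud` fallback, `clientId` can apparently still be null when it reaches `URLEncoder.encode(clientId, "UTF-8")`, which would throw a bare NullPointerException. Whether `getFirstAudienceNoAccount(token)` can return null is not visible in this hunk, so this should be confirmed. If it can, an explicit guard before the `params.put("client_id", ...)` line gives a diagnosable failure, for example `if (clientId == null) { throw new IllegalArgumentException("Token has neither azp nor a usable aud; pass clientId explicitly"); }`, using whichever exception type the method's callers already handle. The `aud` fallback may also pick a client the token was not issued to, and a `clientSecret` supplied by the caller would then be sent alongside that guessed id, so logging that branch at warn level rather than debug would make it visible in operation. The enclosing method starts and ends outside the hunk.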