Closed
Describe the bug
When working with a custom OidcUserInfo (id_token), where we overwrite the sub claim with my user ID (as shown in the code snippet below), this snippet fails because it expects the sub to be the username of the user.
To Reproduce
```java
import org.springframework.security.oauth2.core.oidc.OidcUserInfo;
import org.springframework.stereotype.Service;

@Service
public class OidcUserInfoService {
    // omitted

    private OidcUserInfo createOidcUserInfo(User user) {
        return OidcUserInfo.builder()
                // sub is deliberately the user's id, not the username
                .subject(user.getId().toString()) /* <= (HERE) */
                .preferredUsername(user.getUsername())
                .email(user.getUsername())
                .emailVerified(true)
                .name(user.getName())
                .build();
    }

    // omitted
}
```
Steps to reproduce the behavior.
Expected behavior
That I can exit successfully, passing my id_token as the value of the id_token_hint parameter.
Sample
My custom token implementation ...
```java
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.oidc.endpoint.OidcParameterNames;
import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
import org.springframework.security.oauth2.server.authorization.token.JwtEncodingContext;
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenCustomizer;
import org.springframework.stereotype.Component;

@Component
public class JwtTokenCustomizer implements OAuth2TokenCustomizer<JwtEncodingContext> {

    private final OidcUserInfoService userInfoService;

    public JwtTokenCustomizer(OidcUserInfoService oidcUserInfoService) {
        this.userInfoService = oidcUserInfoService;
    }

    @Override
    public void customize(JwtEncodingContext context) {
        // Neither an access token nor an id_token (e.g. a refresh token), or a
        // client_credentials grant: add client-level claims only.
        if (!isAccessToken(context) && !isIdToken(context) || isClientCredentials(context)) {
            var registeredClient = context.getRegisteredClient();
            var clientInfo = userInfoService.loadClientInfo(registeredClient.getId());
            context.getClaims().claims(claims -> claims.putAll(clientInfo));
        } else {
            var currentUser = context.getPrincipal().getName();
            if (isAccessToken(context)) {
                var userInfo = userInfoService.loadUserProviderInfo(currentUser);
                context.getClaims().claims(claims -> claims.putAll(userInfo));
            } else if (isIdToken(context)) {
                // id_token claims come from createOidcUserInfo, so sub becomes the user id
                var userInfo = userInfoService.loadOidcUserInfo(currentUser); /* <= (HERE) */
                context.getClaims().claims(claims -> claims.putAll(userInfo.getClaims()));
            }
        }
    }

    // The original post omitted these helpers; written here in the usual way.
    private static boolean isAccessToken(JwtEncodingContext context) {
        return OAuth2TokenType.ACCESS_TOKEN.equals(context.getTokenType());
    }

    private static boolean isIdToken(JwtEncodingContext context) {
        return OidcParameterNames.ID_TOKEN.equals(context.getTokenType().getValue());
    }

    private static boolean isClientCredentials(JwtEncodingContext context) {
        return AuthorizationGrantType.CLIENT_CREDENTIALS.equals(context.getAuthorizationGrantType());
    }
    // omitted
}
```
Failed to evaluate this condition on source code line:
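As an added illustration (not code from the reporter or from Spring Authorization Server) of why the logout endpoint compares the id_token_hint subject with the current session, and how that comparison stays consistent with a custom sub: a hypothetical IdTokenHintCheck validates the hint's claims against the same identifier the id_token was issued with (the user id in the report above). The issuer, client id and claim values are constructed samples.

```java
import java.util.List;
import java.util.Map;
import java.util.Objects;

// Hypothetical helper for an OP's logout endpoint: decides whether an
// id_token_hint may end the current session. The subject comparison uses
// whatever OidcUserInfo.subject(...) was built from, not the principal name.
public final class IdTokenHintCheck {

    public enum Result { OK, WRONG_ISSUER, WRONG_AUDIENCE, SUBJECT_MISMATCH }

    private IdTokenHintCheck() {}

    public static Result check(Map<String, Object> hintClaims,
                               String expectedIssuer,
                               String registeredClientId,
                               String sessionSubject) {
        // iss must name this authorization server
        if (!Objects.equals(expectedIssuer, hintClaims.get("iss"))) {
            return Result.WRONG_ISSUER;
        }
        // aud is a single string or a list; the client ending the session must be in it
        Object aud = hintClaims.get("aud");
        boolean audienceOk = aud instanceof List<?>
                ? ((List<?>) aud).contains(registeredClientId)
                : Objects.equals(registeredClientId, aud);
        if (!audienceOk) {
            return Result.WRONG_AUDIENCE;
        }
        // sub must identify the user who owns this session, so one user cannot
        // end another user's session by presenting a different id_token
        if (!Objects.equals(sessionSubject, hintClaims.get("sub"))) {
            return Result.SUBJECT_MISMATCH;
        }
        // no exp check: RP-initiated logout accepts an already expired id_token_hint
        return Result.OK;
    }

    public static void main(String[] args) {
        // constructed sample claims: sub is a numeric user id, as in the report
        Map<String, Object> hint = Map.of(
                "iss", "https://auth.example.test",
                "aud", List.of("my-client"),
                "sub", "42");
        // session subject is the user id: accepted
        System.out.println(check(hint, "https://auth.example.test", "my-client", "42"));
        // session subject is the username: rejected, which is the mismatch the report describes
        System.out.println(check(hint, "https://auth.example.test", "my-client", "alice"));
    }
}
```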