String openidConfiguration = getOpenidConfiguration(issuer); OIDCProviderMetadata metadata = parse(openidConfiguration); String metadataIssuer = metadata.getIssuer().getValue(); if (!issuer.equals(metadataIssuer)) { throw new IllegalStateException("The Issuer \"" + metadataIssuer + "\" provided in the OpenID Configuration did not match the requested issuer \"" + issuer + "\"");
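/**
 * Validates an ID token, first resolving the tenant placeholder in the expected issuer.
 *
 * <p>If the configured issuer contains the URL-encoded placeholder {@code %7Btenantid%7D},
 * the token's {@code tid} claim is substituted into it and a validator for that concrete
 * issuer is built for this call only. Otherwise the wrapped validator is used as-is.
 *
 * @param idToken the ID token to validate
 * @param expectedNonce the nonce expected in the token, passed through to the validator
 * @return the claims set returned by the underlying validator
 * @throws BadJOSEException if the {@code tid} claim is missing, the claims cannot be parsed,
 *     or the underlying validator rejects the token
 * @throws JOSEException if the underlying validator fails while processing the token
 */
@Override
public IDTokenClaimsSet validate(final JWT idToken, final Nonce expectedNonce)
        throws BadJOSEException, JOSEException {
    // Keep the per-token validator in a local instead of reassigning the 'base' field:
    // an instance shared between requests would otherwise let one call validate against
    // the issuer another concurrent call had just resolved for a different tenant.
    IDTokenValidator validator = base;
    try {
        if (originalIssuer.contains("%7Btenantid%7D")) {
            // 'tid' is read here before validate() has run on the token, so it is still
            // untrusted input. It only selects the issuer string to expect; the validator
            // built below is what actually checks the token.
            final Object tid = idToken.getJWTClaimsSet().getClaim("tid");
            if (tid == null) {
                throw new BadJWTException("ID token does not contain the 'tid' claim");
            }
            // NOTE(review): any tenant whose tokens verify under base's key selectors will
            // pass with its own tid. If only specific tenants should be accepted, confirm
            // that an allow-list on tid is enforced elsewhere.
            final Issuer tenantIssuer =
                    new Issuer(originalIssuer.replace("%7Btenantid%7D", tid.toString()));
            validator = new IDTokenValidator(
                    tenantIssuer,
                    base.getClientID(),
                    base.getJWSKeySelector(),
                    base.getJWEKeySelector());
            validator.setMaxClockSkew(getMaxClockSkew());
        }
    } catch (ParseException e) {
        throw new BadJWTException(e.getMessage(), e);
    }
    return validator.validate(idToken, expectedNonce);
}
} // closes the enclosing class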
final LoginAuthenticationToken loginToken = new LoginAuthenticationToken(email, email, expiresIn, claimsSet.getIssuer().getValue()); return jwtService.generateSignedToken(loginToken); } else {
/**
 * Wraps an existing ID token validator and records its expected issuer string.
 *
 * <p>The superclass is initialised with the wrapped validator's expected issuer and client ID.
 *
 * @param base the validator to wrap; it is dereferenced immediately, so it must not be null
 */
public AzureAdIdTokenValidator(final IDTokenValidator base) {
    super(base.getExpectedIssuer(), base.getClientID());
    // Keep the issuer exactly as configured on the wrapped validator.
    final String configuredIssuer = base.getExpectedIssuer().getValue();
    this.originalIssuer = configuredIssuer;
    this.base = base;
}
String openidConfiguration = getOpenidConfiguration(issuer); OIDCProviderMetadata metadata = parse(openidConfiguration); String metadataIssuer = metadata.getIssuer().getValue(); if (!issuer.equals(metadataIssuer)) { throw new IllegalStateException("The Issuer \"" + metadataIssuer + "\" provided in the OpenID Configuration did not match the requested issuer \"" + issuer + "\"");
final LoginAuthenticationToken loginToken = new LoginAuthenticationToken(email, email, expiresIn, claimsSet.getIssuer().getValue()); return jwtService.generateSignedToken(loginToken); } else {