/**
 * Verifies that a token built through {@link JWTCreator#init()} carries the value given to
 * {@code withJWTId} as its {@code jti} claim.
 *
 * <p>The expected payload segment is the Base64url encoding of {@code {"jti":"jwt_id_123"}}.
 */
@Test
public void shouldAddJWTId() throws Exception {
    String jwtId = "jwt_id_123";
    String token = JWTCreator.init()
            .withJWTId(jwtId)
            .sign(Algorithm.HMAC256("secret"));

    assertThat(token, is(notNullValue()));
    // Segment [1] of a compact JWS is the payload; it must hold the jti claim and nothing else.
    String payloadSegment = TokenUtils.splitToken(token)[1];
    assertThat(payloadSegment, is("eyJqdGkiOiJqd3RfaWRfMTIzIn0"));
}
// Carry the caller's jti over as the JWT ID of the token being built
// (builder and principal are declared in the enclosing method, which is not shown here).
builder.withJWTId(principal.getJti());
/**
 * Mints the token an application presents to the authenticator when acting on its own behalf.
 *
 * <p>The token is signed with the active authenticator key for application secrets and carries:
 * issuer, key id, the application principal name as subject and MP-JWT principal claim, expiry,
 * issued-at, a fresh JWT ID, this service's audience, a groups claim and the application id claim.
 * The groups claim grants {@code ROLE_APPLICATION}, the restriction role for this application id,
 * {@code ROLE_APP_MANAGEMENT} and {@code ROLE_ACTIVE}. Only {@code ROLE_ADMIN} callers may invoke it.
 *
 * @param application the application the token is issued for; must not be null
 * @return the compact serialised, signed JWT
 * @throws NoSigningKeyException if no signing key can be obtained for the token
 */
@RolesAllowed({AuthenticatorConstants.ROLE_ADMIN})
public String generateApplicationTokenForAuthenticator(@NonNull Application application)
        throws NoSigningKeyException {
    RsaKeyPair signingKey = signingKKeyPairsProvider.getActiveAuthenticatorKeyForApplicationSecrets();
    Algorithm signer = getAlgorithm(signingKey);

    Long appId = application.getId();
    String[] audiences = getMyAudience();
    // The restriction role is the prefix with the application id appended.
    String[] grantedRoles = {
            AuthenticatorConstants.ROLE_APPLICATION,
            AuthenticatorConstants.ROLE_APPLICATION_RESTRICTION + appId,
            AuthenticatorConstants.ROLE_APP_MANAGEMENT,
            AuthenticatorConstants.ROLE_ACTIVE
    };
    Date expiresAt = getApplicationSecretTokenExpirationDate();
    Date issuedAt = new Date();
    String jti = generateNewTokenId("");
    String subject = callerQueryService.createApplicationPrincipalName(application);

    return JWT.create()
            .withIssuer(tokenIssuer)
            .withKeyId(signingKey.getName())
            .withSubject(subject)
            .withExpiresAt(expiresAt)
            .withIssuedAt(issuedAt)
            .withJWTId(jti)
            .withAudience(audiences)
            .withClaim(AuthenticatorConstants.MP_JWT_USER_PRINCIPAL_CLAIM_NAME, subject)
            .withArrayClaim(AuthenticatorConstants.MP_JWT_GROUPS_CLAIM_NAME, grantedRoles)
            .withClaim(AuthenticatorConstants.APPLICATION_ID_CLAIM_NAME, appId)
            .sign(signer);
}
/**
 * Mints the token the authenticator presents to an application.
 *
 * <p>Signed with the application's own signing key; carries issuer, key id, the authenticator
 * principal as subject and MP-JWT principal claim, expiry, issued-at, a fresh JWT ID seeded with
 * the application name, the application's audiences and a groups claim of just
 * {@code ROLE_APPLICATION}.
 *
 * <p>NOTE(review): this method is {@code @PermitAll}, so no container role gates token minting
 * here — confirm callers are authorised upstream.
 *
 * @param application the application the token is addressed to; must not be null
 * @return the compact serialised, signed JWT
 * @throws AuthenticatorRuntimeException if no signing key exists for the application
 */
@PermitAll
public String generateAuthenticatorTokenForApplication(@NonNull Application application) {
    final RsaKeyPair signingKey;
    try {
        signingKey = signingKKeyPairsProvider.getApplicationSigningKey(application);
    } catch (NoSigningKeyException e) {
        // Surface the checked failure as the service's unchecked type, keeping the cause.
        throw new AuthenticatorRuntimeException(
                "No signing key to create authenticator token for application " + application.getName(), e);
    }
    Algorithm signer = getAlgorithm(signingKey);

    String[] audiences = getMyApplicationAudiences(application);
    String[] grantedRoles = {AuthenticatorConstants.ROLE_APPLICATION};
    Date expiresAt = getNewTokenExpirationDate();
    Date issuedAt = new Date();
    String jti = generateNewTokenId(application.getName());
    String subject = AuthenticatorConstants.AUTHENTICAOTOR_PRINCIPAL_NAME;

    return JWT.create()
            .withIssuer(tokenIssuer)
            .withKeyId(signingKey.getName())
            .withSubject(subject)
            .withExpiresAt(expiresAt)
            .withIssuedAt(issuedAt)
            .withJWTId(jti)
            .withAudience(audiences)
            .withClaim(AuthenticatorConstants.MP_JWT_USER_PRINCIPAL_CLAIM_NAME, subject)
            .withArrayClaim(AuthenticatorConstants.MP_JWT_GROUPS_CLAIM_NAME, grantedRoles)
            .sign(signer);
}
/**
 * Mints the token a user presents to a specific application.
 *
 * <p>Signed with the application's signing key; carries issuer, key id, the user name as subject
 * and MP-JWT principal claim, expiry, issued-at, a fresh JWT ID seeded with the application name,
 * the application audience, the user's roles for that application as the groups claim, and the
 * user id claim. Only {@code ROLE_USER} callers may invoke it.
 *
 * @param userApplication the user/application pairing the token is issued for; must not be null
 * @return the compact serialised, signed JWT
 * @throws NoSigningKeyException if no signing key can be obtained for the application
 * @throws UnauthorizedOperationException propagated from the role lookup (inferred — the helper is
 *     not shown here)
 */
@RolesAllowed({AuthenticatorConstants.ROLE_USER})
public String generateUserTokenForApplication(@NonNull UserApplication userApplication)
        throws NoSigningKeyException, UnauthorizedOperationException {
    User user = userApplication.getUser();
    Application application = userApplication.getApplication();

    RsaKeyPair signingKey = signingKKeyPairsProvider.getApplicationSigningKey(application);
    Algorithm signer = getAlgorithm(signingKey);

    String[] audiences = getApplicationAudience(application);
    String[] grantedRoles = findUserApplicationRoles(application, user);
    Date expiresAt = getNewTokenExpirationDate();
    Date issuedAt = new Date();
    String jti = generateNewTokenId(application.getName());
    Long userId = user.getId();
    String subject = user.getName();

    return JWT.create()
            .withIssuer(tokenIssuer)
            .withKeyId(signingKey.getName())
            .withSubject(subject)
            .withExpiresAt(expiresAt)
            .withIssuedAt(issuedAt)
            .withJWTId(jti)
            .withAudience(audiences)
            .withClaim(AuthenticatorConstants.MP_JWT_USER_PRINCIPAL_CLAIM_NAME, subject)
            .withArrayClaim(AuthenticatorConstants.MP_JWT_GROUPS_CLAIM_NAME, grantedRoles)
            .withClaim(AuthenticatorConstants.USER_ID_CLAIM_NAME, userId)
            .sign(signer);
}
/**
 * Mints the token a user presents to the authenticator itself.
 *
 * <p>Signed with the authenticator's signing key; carries issuer, key id, the user name as
 * subject and MP-JWT principal claim, expiry, issued-at, a fresh JWT ID, this service's audience,
 * the user's provider roles as the groups claim, and the user id claim. Only {@code ROLE_USER}
 * callers may invoke it.
 *
 * @param user the user the token is issued for; must not be null
 * @return the compact serialised, signed JWT
 * @throws NoSigningKeyException if no signing key can be obtained for the authenticator
 */
@RolesAllowed({AuthenticatorConstants.ROLE_USER})
public String generateUserTokenForAuthenticator(@NonNull User user) throws NoSigningKeyException {
    RsaKeyPair signingKey = signingKKeyPairsProvider.getAuthenticatorSigningKey();
    Algorithm signer = getAlgorithm(signingKey);

    String[] audiences = getMyAudience();
    String[] grantedRoles = findUserProviderRoles(user);
    Date expiresAt = getNewTokenExpirationDate();
    Date issuedAt = new Date();
    String jti = generateNewTokenId("");
    Long userId = user.getId();
    String subject = user.getName();

    return JWT.create()
            .withIssuer(tokenIssuer)
            .withKeyId(signingKey.getName())
            .withSubject(subject)
            .withExpiresAt(expiresAt)
            .withIssuedAt(issuedAt)
            .withJWTId(jti)
            .withAudience(audiences)
            .withClaim(AuthenticatorConstants.MP_JWT_USER_PRINCIPAL_CLAIM_NAME, subject)
            .withArrayClaim(AuthenticatorConstants.MP_JWT_GROUPS_CLAIM_NAME, grantedRoles)
            .withClaim(AuthenticatorConstants.USER_ID_CLAIM_NAME, userId)
            .sign(signer);
}