
Add jti claim to generated JWT

Closes gh-1360
Joe Grandja 1 年之前
父节点
当前提交
8f2ea490ad

+ 3 - 1
oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/token/JwtGenerator.java

@@ -19,6 +19,7 @@ import java.time.Instant;
 import java.time.temporal.ChronoUnit;
 import java.util.Collections;
 import java.util.Date;
+import java.util.UUID;
 
 import org.springframework.lang.Nullable;
 import org.springframework.security.core.session.SessionInformation;
@@ -112,7 +113,8 @@ public final class JwtGenerator implements OAuth2TokenGenerator<Jwt> {
 				.subject(context.getPrincipal().getName())
 				.audience(Collections.singletonList(registeredClient.getClientId()))
 				.issuedAt(issuedAt)
-				.expiresAt(expiresAt);
+				.expiresAt(expiresAt)
+				.id(UUID.randomUUID().toString());
 		if (OAuth2TokenType.ACCESS_TOKEN.equals(context.getTokenType())) {
 			claimsBuilder.notBefore(issuedAt);
 			if (!CollectionUtils.isEmpty(context.getAuthorizedScopes())) {
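Review bot: The `.id(UUID.randomUUID().toString())` on the new line sits before the token-type branch, so every token this generator builds now carries a jti, yet nothing in the hunk records why, and jti by itself only enables replay detection if the consumer keeps track of identifiers it has already seen. A one-line comment above the builder chain would make that explicit: `// jti (RFC 7519 §4.1.7): unique per issued token; replay protection still depends on resource servers tracking seen values`. UUID.randomUUID() is seeded from SecureRandom in the JDK, so the identifier is not predictable, which is the property this claim needs. If a token customizer runs after this builder (not visible in the hunk), it can overwrite or drop the claim, so the guarantee holds only for the default path. The enclosing generate method starts and ends outside the hunk.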

+ 1 - 0
oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/token/JwtGeneratorTests.java

@@ -318,6 +318,7 @@ public class JwtGeneratorTests {
 		}
 		assertThat(jwtClaimsSet.getIssuedAt()).isBetween(issuedAt.minusSeconds(1), issuedAt.plusSeconds(1));
 		assertThat(jwtClaimsSet.getExpiresAt()).isBetween(expiresAt.minusSeconds(1), expiresAt.plusSeconds(1));
+		assertThat(jwtClaimsSet.getId()).isNotNull();
 
 		if (tokenContext.getTokenType().equals(OAuth2TokenType.ACCESS_TOKEN)) {
 			assertThat(jwtClaimsSet.getNotBefore()).isBetween(issuedAt.minusSeconds(1), issuedAt.plusSeconds(1));
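Review bot: The new `assertThat(jwtClaimsSet.getId()).isNotNull();` only proves a jti is present; it would pass equally if the generator emitted a constant string, which is the failure mode a unique identifier claim is meant to rule out. Generating a second token from the same context within this test method and asserting its `getId()` is not equal to the first would pin the uniqueness property, something like `assertThat(secondJwt.getId()).isNotEqualTo(jwtClaimsSet.getId());`, assuming the generator and context are reachable from the enclosing method, which starts outside the hunk. A short comment such as `// jti must differ per issued token, not merely be present` would document the intent.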