|
|
@@ -22,6 +22,7 @@ import java.util.ArrayList;
|
|
|
import java.util.Arrays;
|
|
|
import java.util.Collection;
|
|
|
import java.util.Collections;
|
|
|
+import java.util.LinkedHashMap;
|
|
|
import java.util.List;
|
|
|
import java.util.Map;
|
|
|
|
|
|
@@ -143,16 +144,17 @@ public class SpringReactiveOpaqueTokenIntrospector implements ReactiveOpaqueToke
|
|
|
}
|
|
|
|
|
|
private OAuth2TokenIntrospectionClaimAccessor convertClaimsSet(Map<String, Object> claims) {
|
|
|
- claims.computeIfPresent(OAuth2TokenIntrospectionClaimNames.AUD, (k, v) -> {
|
|
|
+ Map<String, Object> converted = new LinkedHashMap<>(claims);
|
|
|
+ converted.computeIfPresent(OAuth2TokenIntrospectionClaimNames.AUD, (k, v) -> {
|
|
|
if (v instanceof String) {
|
|
|
return Collections.singletonList(v);
|
|
|
}
|
|
|
return v;
|
|
|
});
|
|
|
- claims.computeIfPresent(OAuth2TokenIntrospectionClaimNames.CLIENT_ID, (k, v) -> v.toString());
|
|
|
- claims.computeIfPresent(OAuth2TokenIntrospectionClaimNames.EXP,
|
|
|
+ converted.computeIfPresent(OAuth2TokenIntrospectionClaimNames.CLIENT_ID, (k, v) -> v.toString());
|
|
|
+ converted.computeIfPresent(OAuth2TokenIntrospectionClaimNames.EXP,
|
|
|
(k, v) -> Instant.ofEpochSecond(((Number) v).longValue()));
|
|
|
- claims.computeIfPresent(OAuth2TokenIntrospectionClaimNames.IAT,
|
|
|
+ converted.computeIfPresent(OAuth2TokenIntrospectionClaimNames.IAT,
|
|
|
(k, v) -> Instant.ofEpochSecond(((Number) v).longValue()));
|
|
|
// RFC-7662 page 7 directs users to RFC-7519 for defining the values of these
|
|
|
// issuer fields.
|
|
|
@@ -172,12 +174,12 @@ public class SpringReactiveOpaqueTokenIntrospector implements ReactiveOpaqueToke
|
|
|
// may be awkward to debug, we do not want to manipulate this value. Previous
|
|
|
// versions of Spring Security
|
|
|
// would *only* allow valid URLs, which is not what we wish to achieve here.
|
|
|
- claims.computeIfPresent(OAuth2TokenIntrospectionClaimNames.ISS, (k, v) -> v.toString());
|
|
|
- claims.computeIfPresent(OAuth2TokenIntrospectionClaimNames.NBF,
|
|
|
+ converted.computeIfPresent(OAuth2TokenIntrospectionClaimNames.ISS, (k, v) -> v.toString());
|
|
|
+ converted.computeIfPresent(OAuth2TokenIntrospectionClaimNames.NBF,
|
|
|
(k, v) -> Instant.ofEpochSecond(((Number) v).longValue()));
|
|
|
- claims.computeIfPresent(OAuth2TokenIntrospectionClaimNames.SCOPE,
|
|
|
+ converted.computeIfPresent(OAuth2TokenIntrospectionClaimNames.SCOPE,
|
|
|
(k, v) -> (v instanceof String s) ? new ArrayListFromString(s.split(" ")) : v);
|
|
|
- return () -> claims;
|
|
|
+ return () -> converted;
|
|
|
}
|
|
|
|
|
|
private OAuth2IntrospectionException onError(Throwable ex) {
|
Josh Cummings