Fix signature validation issue for jwt token requests

appcategoryfix
Vigneshan Seshamany 2 years ago
parent 002dc090ea
commit 1ac460a4fe

@ -159,6 +159,8 @@ public class KeyMgtServiceImpl implements KeyMgtService {
} }
String tenantDomain = MultitenantUtils.getTenantDomain(application.getOwner()); String tenantDomain = MultitenantUtils.getTenantDomain(application.getOwner());
kmConfig = getKeyManagerConfig();
String appTokenEndpoint = kmConfig.getServerUrl() + KeyMgtConstants.OAUTH2_TOKEN_ENDPOINT;
RequestBody appTokenPayload; RequestBody appTokenPayload;
switch (tokenRequest.getGrantType()) { switch (tokenRequest.getGrantType()) {
@ -184,6 +186,7 @@ public class KeyMgtServiceImpl implements KeyMgtService {
.add("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer") .add("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer")
.add("assertion", tokenRequest.getAssertion()) .add("assertion", tokenRequest.getAssertion())
.add("scope", tokenRequest.getScope()).build(); .add("scope", tokenRequest.getScope()).build();
appTokenEndpoint += "?tenantDomain=carbon.super";
break; break;
case "access_token": case "access_token":
appTokenPayload = new FormBody.Builder() appTokenPayload = new FormBody.Builder()
@ -198,8 +201,6 @@ public class KeyMgtServiceImpl implements KeyMgtService {
break; break;
} }
kmConfig = getKeyManagerConfig();
String appTokenEndpoint = kmConfig.getServerUrl() + KeyMgtConstants.OAUTH2_TOKEN_ENDPOINT;
Request request = new Request.Builder() Request request = new Request.Builder()
.url(appTokenEndpoint) .url(appTokenEndpoint)
.addHeader(KeyMgtConstants.AUTHORIZATION_HEADER, Credentials.basic(tokenRequest.getClientId(), tokenRequest.getClientSecret())) .addHeader(KeyMgtConstants.AUTHORIZATION_HEADER, Credentials.basic(tokenRequest.getClientId(), tokenRequest.getClientSecret()))
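Review bot: The jwt-bearer branch appends a hard-coded `?tenantDomain=carbon.super` to `appTokenEndpoint`, although `tenantDomain` is already derived from the application owner in the first hunk, so every JWT assertion appears to be validated in the super-tenant context regardless of which tenant owns the application. If that is intentional (for example because the trusted issuer is registered only in the super tenant), it may weaken tenant separation for this grant and should be stated at the `+=` line, e.g. `// jwt-bearer assertions are verified against the IdP registered in the super tenant`; otherwise pass the computed `tenantDomain`. The literal would also be better taken from `MultitenantConstants.SUPER_TENANT_DOMAIN_NAME` and added with OkHttp's `HttpUrl.Builder.addQueryParameter` rather than string concatenation, which breaks if the configured endpoint ever carries a query string. The enclosing method starts and ends outside the visible hunks, so how the other grant types pick their tenant cannot be checked from here.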
