From 1ac460a4fe0ca362ecb825826f38e56357dfb547 Mon Sep 17 00:00:00 2001
From: Vigneshan
Date: Wed, 23 Nov 2022 15:14:24 +0000
Subject: [PATCH] Fix signature validation issue for jwt token requests
---
 .../apimgt/keymgt/extension/service/KeyMgtServiceImpl.java | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.keymgt.extension/src/main/java/org/wso2/carbon/apimgt/keymgt/extension/service/KeyMgtServiceImpl.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.keymgt.extension/src/main/java/org/wso2/carbon/apimgt/keymgt/extension/service/KeyMgtServiceImpl.java
index 49fc818851..4640fc9a57 100644
--- a/components/apimgt-extensions/org.wso2.carbon.apimgt.keymgt.extension/src/main/java/org/wso2/carbon/apimgt/keymgt/extension/service/KeyMgtServiceImpl.java
+++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.keymgt.extension/src/main/java/org/wso2/carbon/apimgt/keymgt/extension/service/KeyMgtServiceImpl.java
@@ -159,6 +159,8 @@ public class KeyMgtServiceImpl implements KeyMgtService {
 }
 String tenantDomain = MultitenantUtils.getTenantDomain(application.getOwner());
+ kmConfig = getKeyManagerConfig();
+ String appTokenEndpoint = kmConfig.getServerUrl() + KeyMgtConstants.OAUTH2_TOKEN_ENDPOINT;
 RequestBody appTokenPayload;
 switch (tokenRequest.getGrantType()) {
@@ -184,6 +186,7 @@ public class KeyMgtServiceImpl implements KeyMgtService {
 .add("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer")
 .add("assertion", tokenRequest.getAssertion())
 .add("scope", tokenRequest.getScope()).build();
+ appTokenEndpoint += "?tenantDomain=carbon.super";
 break;
 case "access_token":
 appTokenPayload = new FormBody.Builder()
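Review bot: The added line `appTokenEndpoint += "?tenantDomain=carbon.super";` in the jwt-bearer case pins the token request to the super tenant, although `tenantDomain` is already derived from the application owner earlier in the same method (first hunk). If the token endpoint uses this parameter to choose the tenant whose trust configuration validates the assertion signature (the commit title suggests so, but the hunk does not show it), assertions for applications owned by other tenants would be checked against the super tenant's configuration. Either pass the resolved tenant or state the reason in a comment such as `// jwt-bearer assertions are validated in the super tenant because <reason>`, and replace the literal with `MultitenantConstants.SUPER_TENANT_DOMAIN_NAME`. Appending the query by string concatenation also assumes the configured server URL never carries a query string; `HttpUrl.parse(appTokenEndpoint).newBuilder().addQueryParameter("tenantDomain", ...).build()` would avoid that. The switch and its enclosing method start and end outside this hunk.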
@@ -198,8 +201,6 @@ public class KeyMgtServiceImpl implements KeyMgtService {
 break;
 }
- kmConfig = getKeyManagerConfig();
- String appTokenEndpoint = kmConfig.getServerUrl() + KeyMgtConstants.OAUTH2_TOKEN_ENDPOINT;
 Request request = new Request.Builder()
 .url(appTokenEndpoint)
 .addHeader(KeyMgtConstants.AUTHORIZATION_HEADER, Credentials.basic(tokenRequest.getClientId(), tokenRequest.getClientSecret()))