fill more JWT header fields
fixes #148

Signed-off-by: Kai Helbig <kai.helbig@tngtech.com>
ostrya committed Sep 4, 2023
1 parent 9a11e42 commit e2cba43
Showing 2 changed files with 18 additions and 4 deletions.
Expand Up @@ -39,7 +39,9 @@ public String getToken(
@Nonnull TokenConfig tokenConfig, @Nonnull UrlConfiguration requestConfiguration) {
JwtBuilder builder =
Jwts.builder()
.setHeaderParam("alg", algorithm.getValue())
.setHeaderParam("kid", keyId)
.setHeaderParam("typ", "JWT")
// since the specification allows for more than one audience, but JJWT only accepts
// one (see https://github.com/jwtk/jjwt/issues/77), use a workaround here
.claim("aud", tokenConfig.getAudience())
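Review bot: The explicit `.setHeaderParam("alg", algorithm.getValue())` ties the advertised algorithm to the `algorithm` field rather than to the signing call, which is not visible in this hunk. If the two can ever differ, a verifier that picks its verification routine from the header would be told the wrong algorithm. As far as I know JJWT writes `alg` itself once the builder is given a signing key, so the line may be redundant; if it stays for clarity, a comment such as `// must match the algorithm used for signing` would document the invariant. The string literals could also use the library constants, e.g. `.setHeaderParam(Header.TYPE, Header.JWT_TYPE)`. getToken's body starts and ends outside the hunk.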
Expand Up @@ -110,7 +110,10 @@ void config_is_correctly_applied() {
verify(urlConfiguration).forRequestContext(HOSTNAME, REALM);
Jwt<Header<?>, Claims> jwt =
Jwts.parserBuilder().setSigningKey(signatureComponent.publicKey()).build().parse(token);
assertThat(jwt.getHeader()).containsEntry("kid", "keyId");
assertThat(jwt.getHeader())
.containsEntry("alg", "RS256")
.containsEntry("kid", "keyId")
.containsEntry("typ", "JWT");
Claims claims = jwt.getBody();

assertThat(claims).isEqualTo(generator.parseToken(token));
Expand Down Expand Up @@ -158,7 +161,10 @@ void user_data_is_not_generated() {

Jwt<Header<?>, Claims> jwt =
Jwts.parserBuilder().setSigningKey(signatureComponent.publicKey()).build().parse(token);
assertThat(jwt.getHeader()).containsEntry("kid", "keyId");
assertThat(jwt.getHeader())
.containsEntry("alg", "RS256")
.containsEntry("kid", "keyId")
.containsEntry("typ", "JWT");
Claims claims = jwt.getBody();

assertThat(claims.getSubject()).isEqualTo("foo.bar");
Expand All @@ -176,7 +182,10 @@ void user_data_is_generated() {

Jwt<Header<?>, Claims> jwt =
Jwts.parserBuilder().setSigningKey(signatureComponent.publicKey()).build().parse(token);
assertThat(jwt.getHeader()).containsEntry("kid", "keyId");
assertThat(jwt.getHeader())
.containsEntry("alg", "RS256")
.containsEntry("kid", "keyId")
.containsEntry("typ", "JWT");
Claims claims = jwt.getBody();

assertThat(claims.getSubject()).isEqualTo("foo.bar");
Expand Down Expand Up @@ -205,7 +214,10 @@ void explicit_user_data_takes_preference() {

Jwt<Header<?>, Claims> jwt =
Jwts.parserBuilder().setSigningKey(signatureComponent.publicKey()).build().parse(token);
assertThat(jwt.getHeader()).containsEntry("kid", "keyId");
assertThat(jwt.getHeader())
.containsEntry("alg", "RS256")
.containsEntry("kid", "keyId")
.containsEntry("typ", "JWT");
Claims claims = jwt.getBody();

assertThat(claims.getSubject()).isEqualTo("foo.bar");
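Review bot: The new `alg`/`kid`/`typ` assertion is copied verbatim into four tests (config_is_correctly_applied, user_data_is_not_generated, user_data_is_generated, explicit_user_data_takes_preference), and it checks only what the header claims, not that the token was actually signed with that algorithm. A small helper, for example `private static void assertStandardHeader(Jwt<Header<?>, Claims> jwt)`, would keep the expected values in one place. The unchanged context lines call `parse(token)`, which as far as I know also accepts unsigned tokens; `parseClaimsJws(token)` would make the signature requirement explicit next to the header check. The test method bodies start and end outside the hunks.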
