community/device-mgt-core
1
0
Fork 0
mirror of https://repository.entgra.net/community/device-mgt-core.git synced 2025-10-06 02:01:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix signature validation issue for jwt token requests

Browse Source
This commit is contained in:
Vigneshan 2022-11-23 15:14:24 +00:00
parent 002dc090ea
commit 1ac460a4fe
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
components/apimgt-extensions/org.wso2.carbon.apimgt.keymgt.extension/src/main/java/org/wso2/carbon/apimgt/keymgt/extension/service/KeyMgtServiceImpl.java
View File

@ -159,6 +159,8 @@ public class KeyMgtServiceImpl implements KeyMgtService {
} }
String tenantDomain = MultitenantUtils.getTenantDomain(application.getOwner()); String tenantDomain = MultitenantUtils.getTenantDomain(application.getOwner());
kmConfig = getKeyManagerConfig();
String appTokenEndpoint = kmConfig.getServerUrl() + KeyMgtConstants.OAUTH2_TOKEN_ENDPOINT;
RequestBody appTokenPayload; RequestBody appTokenPayload;
switch (tokenRequest.getGrantType()) { switch (tokenRequest.getGrantType()) {
@ -184,6 +186,7 @@ public class KeyMgtServiceImpl implements KeyMgtService {
.add("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer") .add("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer")
.add("assertion", tokenRequest.getAssertion()) .add("assertion", tokenRequest.getAssertion())
.add("scope", tokenRequest.getScope()).build(); .add("scope", tokenRequest.getScope()).build();
appTokenEndpoint += "?tenantDomain=carbon.super";
break; break;
case "access_token": case "access_token":
appTokenPayload = new FormBody.Builder() appTokenPayload = new FormBody.Builder()
@ -198,8 +201,6 @@ public class KeyMgtServiceImpl implements KeyMgtService {
break; break;
} }
kmConfig = getKeyManagerConfig();
String appTokenEndpoint = kmConfig.getServerUrl() + KeyMgtConstants.OAUTH2_TOKEN_ENDPOINT;
Request request = new Request.Builder() Request request = new Request.Builder()
.url(appTokenEndpoint) .url(appTokenEndpoint)
.addHeader(KeyMgtConstants.AUTHORIZATION_HEADER, Credentials.basic(tokenRequest.getClientId(), tokenRequest.getClientSecret())) .addHeader(KeyMgtConstants.AUTHORIZATION_HEADER, Credentials.basic(tokenRequest.getClientId(), tokenRequest.getClientSecret()))