Add jti claim to generated JWT

Closes gh-1360
This commit is contained in:
Joe Grandja
2023-10-18 16:28:39 -04:00
parent ad85f32b9a
commit 8f2ea490ad
2 changed files with 4 additions and 1 deletions

View File

@@ -19,6 +19,7 @@ import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.util.Collections;
import java.util.Date;
import java.util.UUID;
import org.springframework.lang.Nullable;
import org.springframework.security.core.session.SessionInformation;
@@ -112,7 +113,8 @@ public final class JwtGenerator implements OAuth2TokenGenerator<Jwt> {
.subject(context.getPrincipal().getName())
.audience(Collections.singletonList(registeredClient.getClientId()))
.issuedAt(issuedAt)
.expiresAt(expiresAt);
.expiresAt(expiresAt)
.id(UUID.randomUUID().toString());
if (OAuth2TokenType.ACCESS_TOKEN.equals(context.getTokenType())) {
claimsBuilder.notBefore(issuedAt);
if (!CollectionUtils.isEmpty(context.getAuthorizedScopes())) {

View File

@@ -318,6 +318,7 @@ public class JwtGeneratorTests {
}
assertThat(jwtClaimsSet.getIssuedAt()).isBetween(issuedAt.minusSeconds(1), issuedAt.plusSeconds(1));
assertThat(jwtClaimsSet.getExpiresAt()).isBetween(expiresAt.minusSeconds(1), expiresAt.plusSeconds(1));
assertThat(jwtClaimsSet.getId()).isNotNull();
if (tokenContext.getTokenType().equals(OAuth2TokenType.ACCESS_TOKEN)) {
assertThat(jwtClaimsSet.getNotBefore()).isBetween(issuedAt.minusSeconds(1), issuedAt.plusSeconds(1));