From 26001a89f42811bb6ced3f4b9bb75a9c1fbc252c Mon Sep 17 00:00:00 2001
From: d3coder
Date: Thu, 25 Apr 2024 15:36:38 +0500
Subject: [PATCH] [ANY] OpenID validate issuer and aud
---
 .../launchserver/auth/core/openid/OpenIDAuthenticator.java | 5 ++++-
 .../gravit/launchserver/auth/core/openid/OpenIDConfig.java | 3 ++-
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/LaunchServer/src/main/java/pro/gravit/launchserver/auth/core/openid/OpenIDAuthenticator.java b/LaunchServer/src/main/java/pro/gravit/launchserver/auth/core/openid/OpenIDAuthenticator.java
index 5e0f9e0b..2500331d 100644
--- a/LaunchServer/src/main/java/pro/gravit/launchserver/auth/core/openid/OpenIDAuthenticator.java
+++ b/LaunchServer/src/main/java/pro/gravit/launchserver/auth/core/openid/OpenIDAuthenticator.java
@@ -36,7 +36,10 @@ public class OpenIDAuthenticator {
 public OpenIDAuthenticator(OpenIDConfig openIDConfig) {
 this.openIDConfig = openIDConfig;
 var keyLocator = loadKeyLocator(openIDConfig);
- this.jwtParser = Jwts.parser().keyLocator(keyLocator)
+ this.jwtParser = Jwts.parser()
+ .keyLocator(keyLocator)
+ .requireIssuer(openIDConfig.issuer())
+ .requireAudience(openIDConfig.clientId())
 .build();
 }
diff --git a/LaunchServer/src/main/java/pro/gravit/launchserver/auth/core/openid/OpenIDConfig.java b/LaunchServer/src/main/java/pro/gravit/launchserver/auth/core/openid/OpenIDConfig.java
index 395f2046..2d4f3bae 100644
--- a/LaunchServer/src/main/java/pro/gravit/launchserver/auth/core/openid/OpenIDConfig.java
+++ b/LaunchServer/src/main/java/pro/gravit/launchserver/auth/core/openid/OpenIDConfig.java
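Review bot: In the OpenIDAuthenticator constructor, `openIDConfig.issuer()` and `openIDConfig.clientId()` go into `requireIssuer`/`requireAudience` without a null or blank check, and `issuer` is a component this same commit adds to OpenIDConfig, so configurations written before it will presumably carry no value. Depending on how the JWT library treats a null expected claim, that either fails when the parser is built or leaves the `iss` check switched off with no signal; confirm which against the library version in use. Failing fast makes the misconfiguration visible: `.requireIssuer(Objects.requireNonNull(openIDConfig.issuer(), "openid issuer is not configured"))` (needs `java.util.Objects`), and the same for the client id. It is also worth confirming that the token handed to this parser is the ID token, since `aud` equal to the client id is the ID-token rule and an access token may carry a different audience; the class body continues outside the hunk, so the call site is not visible here.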
@@ -3,7 +3,8 @@ import java.net.URI; public record OpenIDConfig(URI tokenUri, String authorizationEndpoint, String clientId, String clientSecret, - String redirectUri, URI jwksUri, String scopes, ClaimExtractorConfig extractorConfig) { + String redirectUri, URI jwksUri, String scopes, String issuer, + ClaimExtractorConfig extractorConfig) { public record ClaimExtractorConfig(String usernameClaim, String uuidClaim) {} }
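Review bot: The new `issuer` component is undocumented, although the parser built from this config uses it as the expected `iss` value, presumably compared by equality, so a trailing slash or a different scheme or host spelling would make every token fail. A Javadoc line on the record would help, for example `@param issuer issuer identifier expected in the token's iss claim; must match the provider's published issuer value exactly`. `issuer` is also inserted before `extractorConfig` in the positional component list, so any code that calls the canonical constructor directly has to be updated; no such call site is visible in this patch.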