added key id to id token, closes mitreid-connect#725

Author: jricher

openid-connect-common/src/main/java/org/mitre/jwt/signer/service/JwtSigningAndValidationService.java

@@ -74,6 +74,8 @@ public interface JwtSigningAndValidationService {
  */
 public void signJwt(SignedJWT jwt, JWSAlgorithm alg);
 
+public String getDefaultSignerKeyId();
+
 /**
  * TODO: method to sign a jwt using a specified algorithm and a key id
  */

openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/DefaultJwtSigningAndValidationService.java

@@ -113,6 +113,7 @@ public DefaultJwtSigningAndValidationService(JWKSetKeyStore keyStore) throws NoS
 /**
  * @return the defaultSignerKeyId
  */
+@Override
 public String getDefaultSignerKeyId() {
 return defaultSignerKeyId;
 }

openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultOIDCTokenService.java

@@ -166,16 +166,21 @@ public OAuth2AccessTokenEntity createIdToken(ClientDetailsEntity client, OAuth2R
 } else {
 
 // signed ID token
-idToken = new SignedJWT(new JWSHeader(signingAlg), idClaims);
 
 if (signingAlg.equals(JWSAlgorithm.HS256)
 || signingAlg.equals(JWSAlgorithm.HS384)
 || signingAlg.equals(JWSAlgorithm.HS512)) {
+
+idToken = new SignedJWT(new JWSHeader(signingAlg), idClaims);
+
 JwtSigningAndValidationService signer = symmetricCacheService.getSymmetricValidtor(client);
 
 // sign it with the client's secret
 signer.signJwt((SignedJWT) idToken);
 } else {
+idClaims.setCustomClaim("kid", jwtService.getDefaultSignerKeyId());
+
+idToken = new SignedJWT(new JWSHeader(signingAlg), idClaims);
 
 // sign it with the server's key
 jwtService.signJwt((SignedJWT) idToken);