
Commit 48bc269

committed
added JTI to client auth
1 parent d3f8ff2 commit 48bc269


1 file changed

+2
-0
lines changed


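--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationFilter.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationFilter.java
@@ -23,6 +23,7 @@
 import java.text.ParseException;
 import java.util.Date;
 import java.util.Map;
+import java.util.UUID;
 
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
@@ -378,6 +379,7 @@ protected ClientHttpRequest createRequest(URI url, HttpMethod method) throws IOE
 claimsSet.setIssuer(clientConfig.getClientId());
 claimsSet.setSubject(clientConfig.getClientId());
 claimsSet.setAudience(Lists.newArrayList(serverConfig.getTokenEndpointUri()));
+claimsSet.setJWTID(UUID.randomUUID().toString());
 
 // TODO: make this configurable
 Date exp = new Date(System.currentTimeMillis() + (60 * 1000)); // auth good for 60 seconds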
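Review bot: The added `claimsSet.setJWTID(UUID.randomUUID().toString());` line in the second hunk has no comment saying why the claim is set, so a later cleanup could drop it as redundant. I would add `// jti: unique per assertion so the token endpoint can detect replay; REQUIRED for client-authentication JWTs by OpenID Connect Core section 9` above it. `UUID.randomUUID()` is documented as using a cryptographically strong generator, so the value is unpredictable as well as unique. The replay protection only holds if the token endpoint records each `jti` and rejects reuse until `exp` passes, which is server-side behaviour this diff does not show. The body of `createRequest` starts and ends outside the hunk.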
