Add JTI to JWTTokenProvider (#312)

cYKatherine · web-flow · commit f1a829192f59 · 2025-06-24T18:35:13.000+10:00
diff --git a/src/main/java/com/uid2/core/service/OperatorJWTTokenProvider.java b/src/main/java/com/uid2/core/service/OperatorJWTTokenProvider.java
@@ -12,6 +12,7 @@
 import java.time.Instant;
 import java.util.HashMap;
 import java.util.Set;
+import java.util.UUID;
 import java.util.stream.Collectors;
 import java.security.MessageDigest;
 
@@ -80,6 +81,7 @@ private String getJWTToken(String issuer, String audience, String operatorKey, S
         claims.put("enclaveId", enclaveId);
         claims.put("enclaveType", enclaveType);
         claims.put("operatorVersion", operatorVersion);
+        claims.put("jti", UUID.randomUUID().toString());
 
         LOGGER.debug(String.format("Creating token with: Issuer: %s, Audience: %s, Roles: %s, SiteId: %s, EnclaveId: %s, EnclaveType: %s, OperatorVersion: %s", audience, issuer, roleString, siteId, enclaveId, enclaveType, operatorVersion));
         return this.jwtTokenProvider.getJWT(expiresAt, this.clock.instant(), claims);
diff --git a/src/test/java/com/uid2/core/service/JWTTokenProviderTest.java b/src/test/java/com/uid2/core/service/JWTTokenProviderTest.java
@@ -23,6 +23,7 @@
 import java.util.Base64;
 import java.util.HashMap;
 import java.util.Optional;
+import java.util.UUID;
 
 import static com.uid2.shared.Utils.readToEndAsString;
 import static org.junit.jupiter.api.Assertions.*;
@@ -53,8 +54,10 @@ void getJwtReturnsValidToken() throws JWTTokenProvider.JwtSigningException {
         headers.put("c", "d");
 
         HashMap<String, String> content = new HashMap<>();
+        String jti = UUID.randomUUID().toString();
         content.put("sub", "subject");
         content.put("iss", "issuer");
+        content.put("jti", jti);
 
         var builder = getBuilder(true, "TestSignature");
         JWTTokenProvider provider = new JWTTokenProvider(config, () -> builder);
@@ -74,6 +77,7 @@ void getJwtReturnsValidToken() throws JWTTokenProvider.JwtSigningException {
         contentJson.put("iat", i.getEpochSecond());
         contentJson.put("sub", "subject");
         contentJson.put("iss", "issuer");
+        contentJson.put("jti", jti);
 
         assertJWT(defaultHeaders.encode(), contentJson.encode(), expectedSig, result);
         assertEquals("1234", this.capturedSignRequest.getValue().keyId());
