@@ -53,9 +53,9 @@ public class AudienceAccessTokenValidator implements AccessTokenValidator {
5353 @ Autowired
5454 OIDCConfiguration oidcConfiguration ;
5555
56- /**
57- * "aud" must be our client id
58- * OR "azp" must be our client id (or, if its a list, contain our client id)
56+ /**
57+ * "aud" must be our client id (or, if its a list, contain our client id)
58+ * OR "azp" must be our client id
5959 * OR "appid" must be our client id.
6060 * <p>
6161 * Otherwise, its a token not for us...
@@ -68,8 +68,9 @@ public class AudienceAccessTokenValidator implements AccessTokenValidator {
6868 */
6969 @ Override
7070 public void verifyToken (Map claimsJWT , Map userInfoClaims ) throws Exception {
71- if ((claimsJWT .get (AUDIENCE_CLAIM_NAME ) != null )
72- && claimsJWT .get (AUDIENCE_CLAIM_NAME ).equals (oidcConfiguration .getClientId ())) {
71+ //azp from keycloak
72+ if ((claimsJWT .get (KEYCLOAK_AUDIENCE_CLAIM_NAME ) != null )
73+ && claimsJWT .get (KEYCLOAK_AUDIENCE_CLAIM_NAME ).equals (oidcConfiguration .getClientId ())) {
7374 return ;
7475 }
7576
@@ -78,15 +79,15 @@ public void verifyToken(Map claimsJWT, Map userInfoClaims) throws Exception {
7879 return ; //azure specific
7980 }
8081
81- //azp - keycloak
82- Object azp = claimsJWT .get (KEYCLOAK_AUDIENCE_CLAIM_NAME );
83- if (azp != null ) {
84- if (azp instanceof String ) {
85- if (((String ) azp ).equals (oidcConfiguration .getClientId ()))
82+ //aud
83+ Object aud = claimsJWT .get (AUDIENCE_CLAIM_NAME );
84+ if (aud != null ) {
85+ if (aud instanceof String ) {
86+ if (((String ) aud ).equals (oidcConfiguration .getClientId ()))
8687 return ;
87- } else if (azp instanceof List ) {
88- List azps = (List ) azp ;
89- for (Object o : azps ) {
88+ } else if (aud instanceof List ) {
89+ List auds = (List ) aud ;
90+ for (Object o : auds ) {
9091 if ((o instanceof String ) && (o .equals (oidcConfiguration .getClientId ()))) {
9192 return ;
9293 }
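Review bot: The new `azp` check at the top of `verifyToken` returns before `aud` is examined, so a token whose `aud` names only other recipients still passes whenever `azp` equals our client id. `azp` identifies the party the token was issued to rather than the party it is meant for, so if this is deliberate for Keycloak the Javadoc should say so, e.g. `* NOTE: a matching "azp" is accepted even when "aud" does not name this client (Keycloak).`; otherwise the `azp` branch should apply only when `aud` is absent or also contains the client id. The `aud` list branch likewise accepts on any single matching entry without looking at the other audiences. The rejection path after the loop lies outside the hunk, so this assumes the method throws when nothing matches.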