CXF-7201

Incorrect JSON return in openId connect UserInfo when no signature or encryption

    Details

    • Estimated Complexity:
      Moderate

      Description

      Hello,
      I'm using your org.apache.cxf.rs.security.oidc.idp.UserInfoService to publish an OpenID Connect UserInfo service. When the returned JWT requires signature or encryption I get a correctly formatted JWT, but when no signature or encryption is required, the returned JSON is not correctly formatted.

      The problem occurs because in the second scenario, JSON marshalling is done outside the scope of cxf jose jwt (by the default JSON marshaller). For a signed or encrypted JWT, JwtUtils.claimsToJson is used and the result is OK.

      I've resolved this using a custom UserInfoService. I'm going to send a pull request with a fix, hoping it could be useful.

              People

              • Assignee:
                sergey_beryozkin Sergey Beryozkin
                Reporter:
                elfogre Jose Escobar