From e3ea25b00dc632ca8b611644ddfdaeb6a5d79791 Mon Sep 17 00:00:00 2001 From: ch4mpy Date: Mon, 6 Nov 2023 16:29:23 +0100 Subject: [PATCH] gh-153 --- .../synchronised/SpringAddonsOidcBeans.java | 24 +++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/SpringAddonsOidcBeans.java b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/SpringAddonsOidcBeans.java index bef06e916..b4f4b6e88 100644 --- a/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/SpringAddonsOidcBeans.java +++ b/spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/SpringAddonsOidcBeans.java @@ -1,5 +1,6 @@ package com.c4_soft.springaddons.security.oidc.starter.synchronised; +import java.sql.Date; import java.time.Instant; import java.util.Collection; import java.util.HashSet; @@ -98,6 +99,8 @@ OpaqueTokenAuthenticationConverter introspectionAuthenticationConverter( SpringAddonsOidcProperties addonsProperties, OAuth2ResourceServerProperties resourceServerProperties) { return (String introspectedToken, OAuth2AuthenticatedPrincipal authenticatedPrincipal) -> { + final var iatClaim = authenticatedPrincipal.getAttribute(OAuth2TokenIntrospectionClaimNames.IAT); + final var expClaim = authenticatedPrincipal.getAttribute(OAuth2TokenIntrospectionClaimNames.EXP); return new BearerTokenAuthentication( new OAuth2IntrospectionAuthenticatedPrincipal( new OpenidClaimSet( @@ -112,11 +115,28 @@ OpaqueTokenAuthenticationConverter introspectionAuthenticationConverter( new OAuth2AccessToken( OAuth2AccessToken.TokenType.BEARER, introspectedToken, - Instant.ofEpochSecond(((Integer) authenticatedPrincipal.getAttribute(OAuth2TokenIntrospectionClaimNames.IAT)).longValue()), - Instant.ofEpochSecond(((Integer) authenticatedPrincipal.getAttribute(OAuth2TokenIntrospectionClaimNames.EXP)).longValue())), + toInstant(iatClaim), + toInstant(expClaim)), authoritiesConverter.convert(authenticatedPrincipal.getAttributes())); }; } + + private final Instant toInstant(Object claim) { + if(claim == null) { + return null; + } + if(claim instanceof Instant i) { + return i; + } else if(claim instanceof Date d) { + return d.toInstant(); + } else if(claim instanceof Integer i) { + return Instant.ofEpochSecond((i).longValue()); + } else if(claim instanceof Long l) { + return Instant.ofEpochSecond(l); + } else { + return null; + } + } /** * @param authoritiesConverter the authorities converter to use (by default {@link ConfigurableClaimSetAuthoritiesConverter})