added logic for tenant id in IdToken.java
SayazhanBos committed Mar 11, 2024
1 parent 3a8f54f commit 130ce33
Showing 1 changed file with 7 additions and 5 deletions.
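--- a/library/java/net/openid/appauth/IdToken.java
+++ b/library/java/net/openid/appauth/IdToken.java
@@ -217,11 +217,13 @@ void validate(@NonNull TokenRequest tokenRequest,
 // Validates that the issuer in the ID Token matches that of the discovery document.
 AuthorizationServiceDiscovery discoveryDoc = tokenRequest.configuration.discoveryDoc;
 if (discoveryDoc != null) {
-// String expectedIssuer = discoveryDoc.getIssuer();
-// if (!this.issuer.equals(expectedIssuer)) {
-// throw AuthorizationException.fromTemplate(GeneralErrors.ID_TOKEN_VALIDATION_ERROR,
-// new IdTokenException("Issuer mismatch"));
-// }
+String tid = (String) this.additionalClaims.get("tid");
+String expectedIssuer = discoveryDoc.getIssuer().replace("{tenantid}",
+tid != null ? tid : "");
+if (!this.issuer.equals(expectedIssuer)) {
+throw AuthorizationException.fromTemplate(GeneralErrors.ID_TOKEN_VALIDATION_ERROR,
+new IdTokenException("Issuer mismatch"));
+}
 
 // OpenID Connect Core Section 2.
 // The iss value is a case sensitive URL using the https scheme that contains scheme,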
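Review bot: When the discovery issuer is a `{tenantid}` template, the expected issuer on the `replace("{tenantid}", ...)` line is built from the `tid` claim of the very token being validated, so the comparison only shows the token is self-consistent and a token from any tenant on that host passes. The tenant should be compared against a value the application supplies (an expected tenant id or allow-list) before substitution; at minimum the limitation should be documented with a comment such as `// NOTE: tid is read from the token under validation; this check does not restrict which tenant issued it.` The `(String)` cast also throws `ClassCastException` when `tid` is present but not a JSON string, which escapes as an unchecked exception instead of `ID_TOKEN_VALIDATION_ERROR`; `Object tidClaim = this.additionalClaims.get("tid");` followed by `String tid = tidClaim instanceof String ? (String) tidClaim : null;` keeps that case inside the mismatch branch. `validate` starts and ends outside this hunk, so whether anything else constrains `tid` before this point is not visible here.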