Vet Service: adds infrastructure.config.security.CustomIdTokenClaimsV…

…alidator Temporal workaround suggested in (micronaut-projects/micronaut-security#1543)
ArnauAregall · Mar 30, 2024 · d1274ee · d1274ee
1 parent 926390d
commit d1274ee
Showing 1 changed file with 30 additions and 0 deletions.
diff --git a/...aaregall/lab/petclinic/vet/infrastructure/config/security/CustomIdTokenClaimsValidator.kt b/...aaregall/lab/petclinic/vet/infrastructure/config/security/CustomIdTokenClaimsValidator.kt
@@ -0,0 +1,30 @@
+package tech.aaregall.lab.petclinic.vet.infrastructure.config.security
+
+import io.micronaut.context.annotation.Replaces
+import io.micronaut.security.oauth2.client.IdTokenClaimsValidator
+import io.micronaut.security.oauth2.configuration.OauthClientConfiguration
+import io.micronaut.security.token.Claims
+import jakarta.inject.Singleton
+
+/**
+ * Custom claim validator to not restrict azp to clientId
+ * See https://github.com/micronaut-projects/micronaut-security/issues/1543
+ */
+@Singleton
+@Replaces(IdTokenClaimsValidator::class)
+class CustomIdTokenClaimsValidator<T>(oauthClientConfigurations: Collection<OauthClientConfiguration>): IdTokenClaimsValidator<T>(oauthClientConfigurations) {
+
+    override fun validateAzp(claims: Claims, clientId: String, audiences: MutableList<String>): Boolean {
+        if (audiences.size < 2) {
+            return true
+        }
+        return parseAzpClaim(claims)
+            .filter { clientId.equals(it, ignoreCase = true) || audiences.containsIgnoreCase(it) }
+            .isPresent
+    }
+
+}
+
+private fun List<String>.containsIgnoreCase(element: String): Boolean {
+    return this.any { it.equals(element, ignoreCase = true) }
+}