Support audience claim in token URL request
da1910 opened this issue · 2 comments
Is your feature request related to a problem? Please describe.
Auth0 Identity provider returns an opaque token unless the query parameter "audience" is set when requesting an access token. They use this parameter to determine which resource server to authorize the user to. See this support request: https://community.auth0.com/t/why-is-it-necessary-to-pass-the-audience-parameter-to-receive-a-jwt/11412.
Describe the solution you'd like
I would like a simple way to add extra parameters to the auth flow.
Describe alternatives you've considered
Extending the AuthorizationCodeFlow class to include the audience parameter, and using the AuthorizationCodeRequestUrl.set() method to add the query parameter. This resolved the issue, but required extending the builder as well, and will be sensitive to updates to the client.
This is a pretty easy fix in AuthorizationCodeInstalledApp.authorize(..) by adding a Map to the arguments and then calling:

`authorizationUrl.setUnknownKeys(additionalRequestParams);`

```java
public Credential authorize(String userId, Map<String, Object> additionalRequestParams) throws IOException {
  try {
    Credential credential = flow.loadCredential(userId);
    if (credential != null
        && (credential.getRefreshToken() != null
            || credential.getExpiresInSeconds() == null
            || credential.getExpiresInSeconds() > 60)) {
      return credential;
    }
    // open in browser
    String redirectUri = receiver.getRedirectUri();
    AuthorizationCodeRequestUrl authorizationUrl = flow.newAuthorizationUrl().setRedirectUri(redirectUri);
    if (additionalRequestParams != null && !additionalRequestParams.isEmpty()) {
      authorizationUrl.setUnknownKeys(additionalRequestParams);
    }
    onAuthorization(authorizationUrl);
    // receive authorization code and exchange it for an access token
    String code = receiver.waitForCode();
    TokenResponse response = flow.newTokenRequest(code).setRedirectUri(redirectUri).execute();
    // store credential and return it
    return flow.createAndStoreCredential(response, userId);
  } finally {
    receiver.stop();
  }
}
```
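An added example, not code from this thread or from the library: one way to vet a caller-supplied parameter map before it reaches the authorization URL, so that an extra such as `audience` is accepted while the parameters the flow sets itself cannot be replaced. The class name `ExtraAuthParams`, the allowlist argument, and the tenant URL, client ID and audience values are assumptions; it needs Java 9+ and google-oauth-client on the classpath.

```java
import com.google.api.client.auth.oauth2.AuthorizationCodeRequestUrl;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;

public final class ExtraAuthParams {  // hypothetical helper, not part of the library
  // Parameters the authorization request already sets through typed setters.
  private static final Set<String> RESERVED =
      Set.of("client_id", "redirect_uri", "response_type", "scope", "state");

  /** Validates every extra first, then copies them onto the URL. */
  static AuthorizationCodeRequestUrl apply(
      AuthorizationCodeRequestUrl url, Map<String, String> extras, Set<String> allowed) {
    for (Map.Entry<String, String> e : extras.entrySet()) {
      String name = e.getKey();
      // null check comes first: Set.of(...).contains(null) throws
      if (name == null || RESERVED.contains(name) || !allowed.contains(name)) {
        throw new IllegalArgumentException("extra parameter not permitted: " + name);
      }
      if (e.getValue() == null || e.getValue().isEmpty()) {
        throw new IllegalArgumentException("empty value for: " + name);
      }
    }
    // Nothing is applied unless the whole map passed validation.
    extras.forEach(url::set);  // set(name, value) is the call the issue's workaround uses
    return url;
  }

  public static void main(String[] args) {
    // Constructed sample values; tenant, client ID and audience are placeholders.
    AuthorizationCodeRequestUrl url =
        new AuthorizationCodeRequestUrl(
                "https://example-tenant.auth0.com/authorize", "CLIENT_ID_PLACEHOLDER")
            .setRedirectUri("http://localhost:8888/Callback");
    Map<String, String> extras = new LinkedHashMap<>();
    extras.put("audience", "https://api.example.com/");
    System.out.println(apply(url, extras, Set.of("audience")).build());

    // A reserved name is refused even when the caller's allowlist names it.
    extras.put("redirect_uri", "https://other.example/cb");
    try {
      apply(url, extras, Set.of("audience", "redirect_uri"));
    } catch (IllegalArgumentException ex) {
      System.out.println("rejected: " + ex.getMessage());
    }
  }
}
```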
@XcrigX Thanks for the suggestion. Unfortunately, this library is in maintenance mode and we normally don't add features or modifications. However, if you can contribute the change, we will review it.