[MNT-24542] added validator for openid scope

Alfresco · Nov 26, 2024 · 3ef07cf · 3ef07cf
1 parent f34f284
commit 3ef07cf
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/...fresco/repo/security/authentication/identityservice/IdentityServiceFacadeFactoryBean.java b/...fresco/repo/security/authentication/identityservice/IdentityServiceFacadeFactoryBean.java
@@ -659,6 +659,7 @@ private OAuth2TokenValidator<Jwt> createJwtTokenValidator(ProviderDetails provid
             List<OAuth2TokenValidator<Jwt>> validators = new ArrayList<>();
             validators.add(new JwtTimestampValidator(Duration.of(0, ChronoUnit.MILLIS)));
             validators.add(new JwtIssuerValidator(providerDetails.getIssuerUri()));
+            validators.add(new JwtClaimValidator<String>("scope", scope -> scope!=null && scope.contains("openid")));
             if (!config.isClientIdValidationDisabled())
             {
                 validators.add(new JwtClaimValidator<String>("azp", config.getResource()::equals));