Jose Escobar created CXF-7201:
---------------------------------
Summary: Incorrect JSON return in openId connect UserInfo when no
signature or encryption
Key: CXF-7201
URL: https://issues.apache.org/jira/browse/CXF-7201
Project: CXF
Issue Type: Improvement
Components: JAX-RS Security
Affects Versions: 3.1.9
Reporter: Jose Escobar
Priority: Minor
Hello,
I'm using your org.apache.cxf.rs.security.oidc.idp.UserInfoService tu publish
an OpenId connect UserInfo service. When returned JWT requires signature or
encryption I get a correctly formatted JWT, but when no signature or encryption
is required, returned JSON is not correctly formatted.
Problem occurs because on the second scenario, JSON marshal is done out of
scope of cxf jose jwt (by default json marshaller). On signature or encrypted
JWT, JwtUtils.claimsToJson is used and result is OK.
I've resolve this using a custom UserInfoService. I'm going to send a pull
request with a fix hoping it could be useful.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
