Giters

googleapis / google-oauth-java-client

Google OAuth Client Library for Java

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Support audience claim in token URL request

da1910 opened this issue · comments

commented

Is your feature request related to a problem? Please describe.
Auth0 Identity provider returns an opaque token unless the query parameter "audience" is set when requesting an access token. They use this parameter to determine which resource server to authorize the user to. See this support request: https://community.auth0.com/t/why-is-it-necessary-to-pass-the-audience-parameter-to-receive-a-jwt/11412.

Describe the solution you'd like
I would like a simple way to add extra parameters to the auth flow.

Describe alternatives you've considered
Extending the AuthorizationCodeFlow class to include the audience parameter, and using the AuthorizationCodeRequestUrl.set() method to add the query parameter. This resolved the issue, but required extending the builder as well, and will be sensitive to updates to the client.

commented

This is a pretty easy fix in AuthorizationCodeInstalledApp.authorize(..) by adding a Map to the arguments and then calling :
authorizationUrl.setUnknownKeys(additionalRequestParams);

`

public Credential authorize(String userId, Map<String, Object> additionalRequestParams) throws IOException {

	try {
		Credential credential = flow.loadCredential(userId);
		if (credential != null
			&& (credential.getRefreshToken() != null
				|| credential.getExpiresInSeconds() == null
				|| credential.getExpiresInSeconds() > 60)) {
			return credential;
		}

		// open in browser
		String redirectUri = receiver.getRedirectUri();
		AuthorizationCodeRequestUrl authorizationUrl = flow.newAuthorizationUrl().setRedirectUri(redirectUri);

		if (additionalRequestParams != null && !additionalRequestParams.isEmpty()) {
			authorizationUrl.setUnknownKeys(additionalRequestParams);
		}

		onAuthorization(authorizationUrl);
		// receive authorization code and exchange it for an access token
		String code = receiver.waitForCode();
		TokenResponse response = flow.newTokenRequest(code).setRedirectUri(redirectUri).execute();
		// store credential and return it
		return flow.createAndStoreCredential(response, userId);
	} finally {
		receiver.stop();
	}
}

`

commented

@XcrigX Thanks for the suggestion. Unfortunately, this library is in maintenance mode and we normally don't add features, modifications. However, if you can contribute the change - we will review it.