Explain in JWTCallerPrincipal#getName JavaDocs that this method may not return a unique principal name #731

Merged
Expand Up @@ -49,6 +49,17 @@ public JWTCallerPrincipal(String rawToken, String tokenType) {
this.tokenType = tokenType;
}

/**
* {@inheritDoc}
*
* Note that this method is not guaranteed to return the unique principal name
* as documented in the {@link JsonWebToken#getName()} if the "upn" claim is not available
* but the next fallback claim, the "preferred_username" claim is.
* This is due to the fact that a standard OpenId Connect "preferred_username" claim value
* is not guaranteed to be unique.
* Use {@link JsonWebToken#getSubject()} or {@link JsonWebToken#getClaim("upn")} to get a unique
* identifier.
*/
@Override
public String getName() {
String principalName = getClaim(Claims.upn.name());
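Review bot: In the last sentence of the new note, `{@link JsonWebToken#getClaim("upn")}` is not a resolvable Javadoc reference, because a `{@link}` member reference takes parameter types, not an argument value. Suggest `{@link JsonWebToken#getClaim(String)}` and naming the "upn" claim in the surrounding text. The same sentence recommends the "upn" claim as a unique identifier in exactly the case where the note says "upn" is not available, so it is worth stating that `getSubject()` is the option left in that case, since callers that key accounts or authorization decisions on `getName()` are the ones this note needs to reach.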
Expand All @@ -62,6 +73,9 @@ public String getName() {
}

@Override
/**
* {@inheritDoc}
*/
public Set<String> getClaimNames() {
Set<String> names = new HashSet<>(doGetClaimNames());
names.add(Claims.raw_token.name());
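Review bot: The added `/** {@inheritDoc} */` sits between `@Override` and the `getClaimNames()` declaration, where the javadoc tool does not treat it as the method's doc comment; annotations are part of the declaration, so the comment has to come before them. Move it above `@Override`, which is how the other two hunks in this change place theirs.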
Expand All @@ -70,6 +84,9 @@ public Set<String> getClaimNames() {

protected abstract Collection<String> doGetClaimNames();

/**
* {@inheritDoc}
*/
@Override
public <T> T getClaim(String claimName) {
@SuppressWarnings("unchecked")
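Review bot: The comment added above `getClaim(String claimName)` contains only `{@inheritDoc}`, which is what javadoc already does for an overriding method that has no doc comment, so it does not change the generated documentation. Either drop it or add text that is specific to this implementation.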