diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtValidators.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtValidators.java
index 7566f3b607..054619e237 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtValidators.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtValidators.java
@@ -147,13 +147,14 @@ public final class JwtValidators {
*
*
* To comply with this spec, this builder needs you to specify at least the
- * {@link #audience}, {@link #issuer}, and {@link #clientId}.
+ * {@link #audience} and {@link #issuer}.
*
*
* While building, the claims are keyed by claim name to allow for simplified lookup
* and replacement in {@link #validators}.
*
* @author Josh Cummings
+ * @author Giacomo Baso
* @since 6.5
*/
public static final class AtJwtBuilder {
@@ -167,6 +168,7 @@ public final class JwtValidators {
this.validators.put(JwtClaimNames.SUB, require(JwtClaimNames.SUB));
this.validators.put(JwtClaimNames.IAT, require(JwtClaimNames.IAT).and(timestamps));
this.validators.put(JwtClaimNames.JTI, require(JwtClaimNames.JTI));
+ this.validators.put("client_id", require("client_id"));
}
/**
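Review bot: The default added to the constructor, `this.validators.put("client_id", require("client_id"));`, appears to check only that the claim is present (the new test is named `...ThenRequireClientIdWithAnyValue`), so a token issued to any client passes unless the caller also invokes `clientId(...)`. The class Javadoc in the first hunk drops `{@link #clientId}` from the list of things to specify without saying this; I would add a sentence there such as `By default the {@code client_id} claim must be present but its value is not checked; call {@link #clientId} to restrict it to the expected client.` The literal `"client_id"` is also written twice on the added line and is presumably the replacement key used by `clientId(...)`, which is outside the hunk; a private constant would keep the default and its override on the same map key. The constructor begins above the hunk, so the other defaults are only partly visible here.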
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtValidatorsTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtValidatorsTests.java
index 6ab52ab94c..a1b012f50a 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtValidatorsTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtValidatorsTests.java
@@ -36,6 +36,7 @@ import static org.assertj.core.api.Assertions.assertThatException;
* Tests for {@link JwtValidators}.
*
* @author Max Batischev
+ * @author Giacomo Baso
*/
public class JwtValidatorsTests {
@@ -105,6 +106,24 @@ public class JwtValidatorsTests {
assertThat(result.getErrors().toString()).doesNotContain("iss");
}
+ @Test
+ void createAtJwtWhenClientIdIsNotPresentThenRequireClientIdWithAnyValue() {
+ Jwt.Builder builder = TestJwts.jwt();
+ OAuth2TokenValidator