diff --git a/iam-login-service/src/main/java/it/infn/mw/iam/core/oauth/profile/wlcg/WLCGProfileAccessTokenBuilder.java b/iam-login-service/src/main/java/it/infn/mw/iam/core/oauth/profile/wlcg/WLCGProfileAccessTokenBuilder.java
index 831746dc6..f1a064ea7 100644
--- a/iam-login-service/src/main/java/it/infn/mw/iam/core/oauth/profile/wlcg/WLCGProfileAccessTokenBuilder.java
+++ b/iam-login-service/src/main/java/it/infn/mw/iam/core/oauth/profile/wlcg/WLCGProfileAccessTokenBuilder.java
@@ -61,40 +61,62 @@ public JWTClaimsSet buildAccessToken(OAuth2AccessTokenEntity token, builder.notBeforeTime(Date.from(issueTime)); - if (!token.getScope().isEmpty()) { - builder.claim(SCOPE_CLAIM_NAME, token.getScope().stream().collect(joining(SPACE))); - } - - builder.claim(WLCG_VER_CLAIM, PROFILE_VERSION); + addScopeClaim(builder, token); + addWlcgVerClaim(builder); if (!isNull(userInfo)) { Set groupNames = groupHelper.resolveGroupNames(token, ((UserInfoAdapter) userInfo).getUserinfo()); - - if (!groupNames.isEmpty()) { - builder.claim(WLCGGroupHelper.WLCG_GROUPS_SCOPE, groupNames); - } + addWlcgGroupsScopeClaim(builder, groupNames); if (token.getScope().contains(ATTR_SCOPE)) { - builder.claim(ATTR_SCOPE, attributeHelper - .getAttributeMapFromUserInfo(((UserInfoAdapter) userInfo).getUserinfo())); + addAttributeScopeClaim(builder, userInfo); } if (properties.getAccessToken().isIncludeAuthnInfo()) { - if (token.getScope().contains("email")) { - builder.claim("email", userInfo.getEmail()); - } - if (token.getScope().contains("profile")) { - builder.claim("preferred_username", userInfo.getPreferredUsername()); - builder.claim("name", userInfo.getName()); - } + addAuthnInfoClaims(builder, token.getScope(), userInfo); } } + addAudience(builder, authentication); + + return builder.build(); + } + + private void addScopeClaim(Builder builder, OAuth2AccessTokenEntity token) { + if (!token.getScope().isEmpty()) { + builder.claim(SCOPE_CLAIM_NAME, token.getScope().stream().collect(joining(SPACE))); + } + } + + private void addWlcgVerClaim(Builder builder) { + builder.claim(WLCG_VER_CLAIM, PROFILE_VERSION); + } + + private void addWlcgGroupsScopeClaim(Builder builder, Set groupNames) { + if (!groupNames.isEmpty()) { + builder.claim(WLCGGroupHelper.WLCG_GROUPS_SCOPE, groupNames); + } + } + + private void addAttributeScopeClaim(Builder builder, UserInfo userInfo) { + builder.claim(ATTR_SCOPE, + attributeHelper.getAttributeMapFromUserInfo(((UserInfoAdapter) 
userInfo).getUserinfo())); + } + + private void addAuthnInfoClaims(Builder builder, Set scopes, UserInfo userInfo) { + if (scopes.contains("email")) { + builder.claim("email", userInfo.getEmail()); + } + if (scopes.contains("profile")) { + builder.claim("preferred_username", userInfo.getPreferredUsername()); + builder.claim("name", userInfo.getName()); + } + } + + private void addAudience(Builder builder, OAuth2Authentication authentication) { if (!hasAudienceRequest(authentication) && !hasRefreshTokenAudienceRequest(authentication)) { builder.audience(ALL_AUDIENCES_VALUE); } - - return builder.build(); } }
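Review bot: The new `addAudience` helper only sets the wildcard `ALL_AUDIENCES_VALUE` when neither `hasAudienceRequest` nor `hasRefreshTokenAudienceRequest` is true, yet its name reads as if an audience were always added; since the audience claim bounds where this token is accepted, a one-line Javadoc such as `/** Sets the wildcard audience only when neither the authorization nor the refresh-token request asked for one. */` (or a rename to `addDefaultAudienceIfNotRequested`) would keep that fallback visible to the next reader. The new `addAttributeScopeClaim(Builder, UserInfo)` also repeats the unchecked `(UserInfoAdapter)` cast that the caller already performs when computing `groupNames`; declaring the parameter as `UserInfoAdapter` and casting once in `buildAccessToken` would make the precondition part of the signature rather than a potential runtime `ClassCastException`. The same applies to `addAuthnInfoClaims`, which is only ever reached inside the `!isNull(userInfo)` branch but carries no hint of that in its signature. `buildAccessToken` begins before this hunk, so whether a `UserInfo` that is not a `UserInfoAdapter` can reach these helpers cannot be confirmed from here.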