Home

Welcome to the simple-web-app wiki!

---

To use request objects, replace the OpenIdConnectAuthenticationFilter bean declaration with the following:

` openid email address profile phone

<bean id="defaultsignerService" class="org.mitre.jwt.signer.service.impl.DefaultJwtSigningAndValidationService">
    <constructor-arg name="keyStore">
        <bean id="defaultKeyStore" class="org.mitre.jose.keystore.JWKSetKeyStore">
            <property name="location" value="classpath:keystore.jwks" />
        </bean>
    </constructor-arg>
    <property name="defaultSignerKeyId" value="rsa1" />
     <property name="defaultSigningAlgorithmName" value="RS256" />
</bean>
<bean id="clientKeyPublisher" class="org.mitre.openid.connect.client.keypublisher.ClientKeyPublisher">
     <property name="jwkPublishUrl" value="jwk" />
     <property name="signingAndValidationService" ref="defaultsignerService" />
 </bean>`

• You will need to add a file "keystore.jwks" to src/main/resources. This file has the following format: '{ "keys": [ { "d": "E7HJVBjdfIkTXz...", "e": "AQAB", "n": "6-t1lVKpi_tRA...", "kty": "RSA", "kid": "rsa1" } ] }' At least 1 key must be stored in this file with a "kid" value corresponding to the defaultSignerKeyId set on the 'DefaultJwtSigningAndValidationService' bean above. The json-web-key-generator application may be used to generate such a key.
• You will also need to register your JWK set URI with the server. In the config, this URI is specified in the 'ClientKeyPublisher' bean's 'jwkPublishUrl' property. On the server, this option is currently found under "Manage Clients" > "Edit" > "Credentials" tab > "JWK Set".