Diffstat (limited to 'src/reclaim/plugin_rest_openid_connect.c')
-rw-r--r--src/reclaim/plugin_rest_openid_connect.c55
1 files changed, 8 insertions, 47 deletions
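--- a/src/reclaim/plugin_rest_openid_connect.c
+++ b/src/reclaim/plugin_rest_openid_connect.c
@@ -168,7 +168,6 @@ static char* OIDC_ignored_parameter_array [] =
 {
   "display",
   "prompt",
-  "max_age",
   "ui_locales",
   "response_mode",
   "id_token_hint",
@@ -1320,7 +1319,9 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
   int client_exists = GNUNET_NO;
   struct MHD_Response *resp;
   char* code_output;
-  json_t *root, *ticket_string, *nonce, *max_age;
+  json_t *root;
+  json_t *ticket_string;
+  json_t *nonce;
   json_error_t error;
   char *json_response;
   char *jwt_secret;
@@ -1515,7 +1516,6 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
   GNUNET_free(code_output);
   ticket_string = json_object_get (root, "ticket");
   nonce = json_object_get (root, "nonce");
-  max_age = json_object_get (root, "max_age");
 
   if(ticket_string == NULL && !json_is_string(ticket_string))
   {
@@ -1557,9 +1557,9 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
   }
 
   //create jwt
-  unsigned long long int expiration_time;
+  struct GNUNET_TIME_Relative expiration_time;
   if ( GNUNET_OK
-       != GNUNET_CONFIGURATION_get_value_number(cfg, "reclaim-rest-plugin",
+       != GNUNET_CONFIGURATION_get_value_time(cfg, "reclaim-rest-plugin",
          "expiration_time", &expiration_time) )
   {
     GNUNET_free_non_null(user_psw);
@@ -1572,48 +1572,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
   }
 
   struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *cl = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList);
-  //aud REQUIRED public key client_id must be there
-  GNUNET_RECLAIM_ATTRIBUTE_list_add(cl,
-                                    "aud",
-                                    GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING,
-                                    client_id,
-                                    strlen(client_id));
-  //exp REQUIRED time expired from config
-  struct GNUNET_TIME_Absolute exp_time = GNUNET_TIME_relative_to_absolute (
-      GNUNET_TIME_relative_multiply (GNUNET_TIME_relative_get_second_ (),
-                                     expiration_time));
-  const char* exp_time_string = GNUNET_STRINGS_absolute_time_to_string(exp_time);
-  GNUNET_RECLAIM_ATTRIBUTE_list_add (cl,
-                                     "exp",
-                                     GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING,
-                                     exp_time_string,
-                                     strlen(exp_time_string));
-  //iat REQUIRED time now
-  struct GNUNET_TIME_Absolute time_now = GNUNET_TIME_absolute_get();
-  const char* time_now_string = GNUNET_STRINGS_absolute_time_to_string(time_now);
-  GNUNET_RECLAIM_ATTRIBUTE_list_add (cl,
-                                     "iat",
-                                     GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING,
-                                     time_now_string,
-                                     strlen(time_now_string));
-  //nonce only if nonce is provided
-  if ( NULL != nonce && json_is_string(nonce) )
-  {
-    GNUNET_RECLAIM_ATTRIBUTE_list_add (cl,
-                                       "nonce",
-                                       GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING,
-                                       json_string_value(nonce),
-                                       strlen(json_string_value(nonce)));
-  }
-  //auth_time only if max_age is provided
-  if ( NULL != max_age && json_is_string(max_age) )
-  {
-    GNUNET_RECLAIM_ATTRIBUTE_list_add (cl,
-                                       "auth_time",
-                                       GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING,
-                                       json_string_value(max_age),
-                                       strlen(json_string_value(max_age)));
-  }
+
   //TODO OPTIONAL acr,amr,azp
 
   struct EgoEntry *ego_entry;
@@ -1652,6 +1611,8 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
   char *id_token = jwt_create_from_list(&ticket->audience,
                                        &pk,
                                        cl,
+                                       &expiration_time,
+                                       (NULL != nonce && json_is_string(nonce)) ? json_string_value (nonce) : NULL,
                                        jwt_secret);
 
   //Create random access_token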
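Review bot: With the auth_time claim dropped from the id_token (old lines 1608-1616) and "max_age" removed from OIDC_ignored_parameter_array, nothing visible in this diff says what now happens to an authentication request that carries max_age; OIDC Core §2 makes auth_time REQUIRED in the ID Token whenever max_age was requested, so if max_age is now rejected or accepted elsewhere that should be recorded where the claims are assembled. Dropping the removed block is right as far as it goes — it wrote the max_age value itself into auth_time rather than the time the user authenticated — but a note such as `//auth_time REQUIRED when max_age was requested (OIDC Core 2): not implemented yet` next to `//TODO OPTIONAL acr,amr,azp` would keep the gap from being forgotten. Separately, the unchanged guard at the top of the -1515 hunk, `if(ticket_string == NULL && !json_is_string(ticket_string))`, only fires for a NULL ticket because the second operand is evaluated only when the first is false, so a non-string "ticket" value from the decoded code payload passes through; it should read `if (NULL == ticket_string || !json_is_string (ticket_string))`. token_endpoint starts and ends outside these hunks, so how expiration_time and nonce are consumed inside jwt_create_from_list is not visible here.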