Add token audience param to oidc-client

Adds the token audience param to the OIDC Client for getting access tokens with an expected aud claim.
quarkusio · Apr 2, 2021 · d0d6423 · d0d6423
1 parent d84a929
commit d0d6423
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 1 deletion.
diff --git a/extensions/oidc-client/runtime/src/main/java/io/quarkus/oidc/client/OidcClientConfig.java b/extensions/oidc-client/runtime/src/main/java/io/quarkus/oidc/client/OidcClientConfig.java
@@ -26,11 +26,17 @@ public class OidcClientConfig extends OidcCommonConfig {
     public boolean clientEnabled = true;
 
     /**
-     * List of access token scopes
+     * List of access token scopes.
      */
     @ConfigItem
     public Optional<List<String>> scopes = Optional.empty();
 
+    /**
+     * The API's unique identifier as the intended audience of the access token (indicated by the aud claim).
+     */
+    @ConfigItem
+    public Optional<String> audience = Optional.empty();
+
     /**
      * Refresh token time skew in seconds.
      * If this property is enabled then the configured number of seconds is added to the current time
@@ -117,6 +123,14 @@ public void setScopes(List<String> scopes) {
         this.scopes = Optional.of(scopes);
     }
 
+    public Optional<String> getAudience() {
+        return audience;
+    }
+
+    public void setAudience(String audience) {
+        this.audience = Optional.of(audience);
+    }
+
     public Optional<Duration> getRefreshTokenTimeSkew() {
         return refreshTokenTimeSkew;
     }

diff --git a/.../oidc-client/runtime/src/main/java/io/quarkus/oidc/client/runtime/OidcClientRecorder.java b/.../oidc-client/runtime/src/main/java/io/quarkus/oidc/client/runtime/OidcClientRecorder.java
@@ -170,6 +170,9 @@ private static void setGrantClientParams(OidcClientConfig oidcConfig, MultiMap g
         if (oidcConfig.getScopes().isPresent()) {
             grantParams.add(OidcConstants.TOKEN_SCOPE, oidcConfig.getScopes().get().stream().collect(Collectors.joining(" ")));
         }
+        if (oidcConfig.getAudience().isPresent()) {
+            grantParams.add(OidcConstants.TOKEN_AUDIENCE, oidcConfig.getAudience().get());
+        }
     }
 
     private static Uni<String> discoverTokenRequestUri(WebClient client, String authServerUrl, OidcClientConfig oidcConfig) {

diff --git a/...sions/oidc-common/runtime/src/main/java/io/quarkus/oidc/common/runtime/OidcConstants.java b/...sions/oidc-common/runtime/src/main/java/io/quarkus/oidc/common/runtime/OidcConstants.java
@@ -23,6 +23,7 @@ public final class OidcConstants {
     public static final String PASSWORD_GRANT_USERNAME = "username";
     public static final String PASSWORD_GRANT_PASSWORD = "password";
 
+    public static final String TOKEN_AUDIENCE = "audience";
     public static final String TOKEN_SCOPE = "scope";
     public static final String GRANT_TYPE = "grant_type";