Skip to content

Commit

Permalink
Explain in JWTCallerPrincipal#getName JavaDocs that this method may n…
Browse files Browse the repository at this point in the history
…ot return a unique principal name
  • Loading branch information
sberyozkin committed Oct 16, 2023
1 parent 3d22364 commit 04f8168
Showing 1 changed file with 17 additions and 0 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,17 @@ public JWTCallerPrincipal(String rawToken, String tokenType) {
this.tokenType = tokenType;
}

/**
* {@inheritDoc}
*
* Note that this method is not guaranteed to return the unique principal name
* as documented in the {@link JsonWebToken#getName()} if the "upn" claim is not available
* but the next fallback claim, the "preferred_username" claim is.
* This is due to the fact that a standard OpenId Connect "preferred_username" claim value
* is not guaranteed to be unique.
* Use {@link JsonWebToken#getSubject()} or {@link JsonWebToken#getClaim("upn")} to get a unique
* identifier.
*/
@Override
public String getName() {
String principalName = getClaim(Claims.upn.name());
Expand All @@ -62,6 +73,9 @@ public String getName() {
}

@Override
/**
* {@inheritDoc}
*/
public Set<String> getClaimNames() {
Set<String> names = new HashSet<>(doGetClaimNames());
names.add(Claims.raw_token.name());
Expand All @@ -70,6 +84,9 @@ public Set<String> getClaimNames() {

protected abstract Collection<String> doGetClaimNames();

/**
* {@inheritDoc}
*/
@Override
public <T> T getClaim(String claimName) {
@SuppressWarnings("unchecked")
Expand Down

0 comments on commit 04f8168

Please sign in to comment.