From 04f81689df274e07202ad7ac0e08fb9414a6e9ed Mon Sep 17 00:00:00 2001
From: Sergey Beryozkin
Date: Fri, 13 Oct 2023 18:27:00 +0100
Subject: [PATCH] Explain in JWTCallerPrincipal#getName JavaDocs that this method may not return a unique principal name
---
 .../jwt/auth/principal/JWTCallerPrincipal.java | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
diff --git a/implementation/jwt-auth/src/main/java/io/smallrye/jwt/auth/principal/JWTCallerPrincipal.java b/implementation/jwt-auth/src/main/java/io/smallrye/jwt/auth/principal/JWTCallerPrincipal.java
index 8d5516de..1f0f3d44 100644
--- a/implementation/jwt-auth/src/main/java/io/smallrye/jwt/auth/principal/JWTCallerPrincipal.java
+++ b/implementation/jwt-auth/src/main/java/io/smallrye/jwt/auth/principal/JWTCallerPrincipal.java
@@ -49,6 +49,17 @@ public JWTCallerPrincipal(String rawToken, String tokenType) {
 this.tokenType = tokenType;
 }
+ /**
+ * {@inheritDoc}
+ *
+ * Note that this method is not guaranteed to return the unique principal name
+ * as documented in the {@link JsonWebToken#getName()} if the "upn" claim is not available
+ * but the next fallback claim, the "preferred_username" claim is.
+ * This is due to the fact that a standard OpenId Connect "preferred_username" claim value
+ * is not guaranteed to be unique.
+ * Use {@link JsonWebToken#getSubject()} or {@link JsonWebToken#getClaim("upn")} to get a unique
+ * identifier.
+ */
 @Override
 public String getName() {
 String principalName = getClaim(Claims.upn.name());
@@ -62,6 +73,9 @@ public String getName() {
 }
 @Override
+ /**
+ * {@inheritDoc}
+ */
 public Set getClaimNames() {
 Set names = new HashSet<>(doGetClaimNames());
 names.add(Claims.raw_token.name());
@@ -70,6 +84,9 @@ public Set getClaimNames() {
 protected abstract Collection doGetClaimNames();
+ /**
+ * {@inheritDoc}
+ */
 @Override
 public T getClaim(String claimName) {
 @SuppressWarnings("unchecked")
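Review bot: In the Javadoc added above `getName()` (first hunk), `{@link JsonWebToken#getClaim("upn")}` is not a valid link target, because a Javadoc member reference takes parameter types rather than an argument value, so doclint will likely report it as unresolved; `{@link JsonWebToken#getClaim(String) getClaim("upn")}` keeps the intended text. For callers who key authorization or account lookup on the result, the note should also say that `getClaim("upn")` is presumably null in exactly the fallback case being described. It should add that a "sub" value is unique only within one issuer, so a stable identity key pairs `getSubject()` with `getIssuer()`. The body of `getName()` continues outside the hunk, so the full fallback order is not visible here.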
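Review bot: In the second hunk the `/** {@inheritDoc} */` comment sits between `@Override` and the `getClaimNames()` signature, where the javadoc tool generally does not attach it to the method and newer compilers may flag it as a dangling doc comment. The first and third hunks place the comment before the annotation, so this one should match: put the three comment lines above `@Override`, leaving `@Override` directly on top of `public Set getClaimNames() {`. The method body continues outside the hunk.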