diff --git a/src/main/java/com/uid2/core/service/OperatorJWTTokenProvider.java b/src/main/java/com/uid2/core/service/OperatorJWTTokenProvider.java
index 39f4d390..da8f5a67 100644
--- a/src/main/java/com/uid2/core/service/OperatorJWTTokenProvider.java
+++ b/src/main/java/com/uid2/core/service/OperatorJWTTokenProvider.java
@@ -12,6 +12,7 @@
 import java.time.Instant;
 import java.util.HashMap;
 import java.util.Set;
+import java.util.UUID;
 import java.util.stream.Collectors;
 import java.security.MessageDigest;
@@ -80,6 +81,7 @@ private String getJWTToken(String issuer, String audience, String operatorKey, S
 claims.put("enclaveId", enclaveId);
 claims.put("enclaveType", enclaveType);
 claims.put("operatorVersion", operatorVersion);
+ claims.put("jti", UUID.randomUUID().toString());
 LOGGER.debug(String.format("Creating token with: Issuer: %s, Audience: %s, Roles: %s, SiteId: %s, EnclaveId: %s, EnclaveType: %s, OperatorVersion: %s", audience, issuer, roleString, siteId, enclaveId, enclaveType, operatorVersion));
 return this.jwtTokenProvider.getJWT(expiresAt, this.clock.instant(), claims);
diff --git a/src/test/java/com/uid2/core/service/JWTTokenProviderTest.java b/src/test/java/com/uid2/core/service/JWTTokenProviderTest.java
index 8a00aeba..a3426643 100644
--- a/src/test/java/com/uid2/core/service/JWTTokenProviderTest.java
+++ b/src/test/java/com/uid2/core/service/JWTTokenProviderTest.java
@@ -23,6 +23,7 @@
 import java.util.Base64;
 import java.util.HashMap;
 import java.util.Optional;
+import java.util.UUID;
 import static com.uid2.shared.Utils.readToEndAsString;
 import static org.junit.jupiter.api.Assertions.*;
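Review bot: The new `jti` in getJWTToken (OperatorJWTTokenProvider.java, second hunk) is generated inline and never recorded, so the debug line just below it cannot tie an issued token to its identifier, which is what audit or revocation by `jti` would need. Hold it in a local and log it: `String jti = UUID.randomUUID().toString();`, `claims.put("jti", jti);`, and add `Jti: %s` with `jti` to the `LOGGER.debug` format. That same format string labels its first two values `Issuer` then `Audience` but is passed `audience, issuer`, so the two appear swapped in the log. A `jti` only limits replay if the verifier tracks the values it has already seen; nothing in this diff shows that side, so it is worth confirming. The body of getJWTToken starts before the hunk and closes after it.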
@@ -53,8 +54,10 @@ void getJwtReturnsValidToken() throws JWTTokenProvider.JwtSigningException {
 headers.put("c", "d");
 HashMap content = new HashMap<>();
+ String jti = UUID.randomUUID().toString();
 content.put("sub", "subject");
 content.put("iss", "issuer");
+ content.put("jti", jti);
 var builder = getBuilder(true, "TestSignature");
 JWTTokenProvider provider = new JWTTokenProvider(config, () -> builder);
@@ -74,6 +77,7 @@ void getJwtReturnsValidToken() throws JWTTokenProvider.JwtSigningException {
 contentJson.put("iat", i.getEpochSecond());
 contentJson.put("sub", "subject");
 contentJson.put("iss", "issuer");
+ contentJson.put("jti", jti);
 assertJWT(defaultHeaders.encode(), contentJson.encode(), expectedSig, result);
 assertEquals("1234", this.capturedSignRequest.getValue().keyId());
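Review bot: The `jti` lines added to getJwtReturnsValidToken only show that JWTTokenProvider serialises a claim it is handed, as it already did for `sub` and `iss`; nothing visible here checks that OperatorJWTTokenProvider itself sets a `jti`, or that two issued tokens carry different values. A test on the operator provider that captures the claims passed to `getJWT` and asserts a non-empty `jti` that differs between two calls would cover the behaviour this commit introduces; such a test may exist outside this diff. For the test as written, a fixed literal in place of `UUID.randomUUID().toString()` would keep the expected JSON deterministic. The test method starts before the first hunk and continues past the second.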