Read Pvt Key JWT value from consumer app.

wso2-extensions · Jun 28, 2024 · 97a9292 · 97a9292
1 parent eb412ae
commit 97a9292
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 5 deletions.
diff --git a/...carbon/identity/oauth2/token/handler/clientauth/jwt/PrivateKeyJWTClientAuthenticator.java b/...carbon/identity/oauth2/token/handler/clientauth/jwt/PrivateKeyJWTClientAuthenticator.java
@@ -41,6 +41,7 @@
 
 import static org.apache.commons.lang.StringUtils.isEmpty;
 import static org.apache.commons.lang.StringUtils.isNotEmpty;
+import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.DEFAULT_VALUE_FOR_PREVENT_TOKEN_REUSE;
 import static org.wso2.carbon.identity.oauth2.token.handler.clientauth.jwt.Constants.AUDIENCE_CLAIM;
 import static org.wso2.carbon.identity.oauth2.token.handler.clientauth.jwt.Constants.DEFAULT_ENABLE_JTI_CACHE;
 import static org.wso2.carbon.identity.oauth2.token.handler.clientauth.jwt.Constants.DEFAULT_AUDIENCE;
@@ -69,7 +70,7 @@ public class PrivateKeyJWTClientAuthenticator extends AbstractOAuthClientAuthent
     private JWTValidator jwtValidator;
 
     private int rejectBeforePeriod = DEFAULT_VALIDITY_PERIOD_IN_MINUTES;
-    private boolean preventTokenReuse = true;
+    private boolean preventTokenReuse = DEFAULT_VALUE_FOR_PREVENT_TOKEN_REUSE;
     private String tokenEPAlias = DEFAULT_AUDIENCE;
 
     public PrivateKeyJWTClientAuthenticator() {

diff --git a/.../org/wso2/carbon/identity/oauth2/token/handler/clientauth/jwt/validator/JWTValidator.java b/.../org/wso2/carbon/identity/oauth2/token/handler/clientauth/jwt/validator/JWTValidator.java
@@ -205,9 +205,7 @@ public boolean isValidAssertion(SignedJWT signedJWT, String requestUrl) throws O
                         consumerKey, OAuth2ErrorCodes.SERVER_ERROR);
             }
 
-            preventTokenReuse = !JWTServiceDataHolder.getInstance()
-                    .getPrivateKeyJWTAuthenticationConfigurationDAO()
-                    .getPrivateKeyJWTClientAuthenticationConfigurationByTenantDomain(tenantDomain).isEnableTokenReuse();
+            preventTokenReuse = !oAuthAppDO.isTokenEndpointAllowReusePvtKeyJwt();
 
             //Validate signature validation, audience, nbf,exp time, jti.
             if (!validateAudience(acceptedAudienceList, audience)
@@ -224,7 +222,7 @@ public boolean isValidAssertion(SignedJWT signedJWT, String requestUrl) throws O
 
         } catch (IdentityOAuth2Exception e) {
             return logAndThrowException(e.getMessage(), e.getErrorCode());
-        } catch (UserStoreException | JWTClientAuthenticatorServiceServerException e) {
+        } catch (UserStoreException e) {
             return logAndThrowException(e.getMessage());
         }
     }