From 3490d5ea18914b372f3a5ad3b3d05a726eb42a66 Mon Sep 17 00:00:00 2001
From: Steve Hu <stevehu@gmail.com>
Date: Tue, 9 Jan 2024 13:17:02 -0500
Subject: [PATCH] fixes #2070 update claim version to ver (#2071)

---
 .../com/networknt/security/JwtIssuer.java     |  6 ++--
 .../com/networknt/security/JwtIssuerTest.java | 36 +++++++++++++++++++
 2 files changed, 38 insertions(+), 4 deletions(-)

diff --git a/security/src/main/java/com/networknt/security/JwtIssuer.java b/security/src/main/java/com/networknt/security/JwtIssuer.java
index 51eca9699f..031a2e4f4a 100644
--- a/security/src/main/java/com/networknt/security/JwtIssuer.java
+++ b/security/src/main/java/com/networknt/security/JwtIssuer.java
@@ -79,7 +79,6 @@ public static String getJwt(JwtClaims claims, String kid, PrivateKey privateKey)
      * @return JwtClaims
      */
     public static JwtClaims getDefaultJwtClaims() {
-
         JwtClaims claims = new JwtClaims();
 
         claims.setIssuer(jwtConfig.getIssuer());
@@ -88,7 +87,7 @@ public static JwtClaims getDefaultJwtClaims() {
         claims.setGeneratedJwtId(); // a unique identifier for the token
         claims.setIssuedAtToNow();  // when the token was issued/created (now)
         claims.setNotBeforeMinutesInThePast(2); // time before which the token is not yet valid (2 minutes ago)
-        claims.setClaim("version", jwtConfig.getVersion());
+        claims.setClaim("ver", jwtConfig.getVersion());
         return claims;
 
     }
@@ -99,7 +98,6 @@ public static JwtClaims getDefaultJwtClaims() {
      * @return JwtClaims
      */
     public static JwtClaims getJwtClaimsWithExpiresIn(int expiresIn) {
-
         JwtClaims claims = new JwtClaims();
 
         claims.setIssuer(jwtConfig.getIssuer());
@@ -108,7 +106,7 @@ public static JwtClaims getJwtClaimsWithExpiresIn(int expiresIn) {
         claims.setGeneratedJwtId(); // a unique identifier for the token
         claims.setIssuedAtToNow();  // when the token was issued/created (now)
         claims.setNotBeforeMinutesInThePast(2); // time before which the token is not yet valid (2 minutes ago)
-        claims.setClaim("version", jwtConfig.getVersion());
+        claims.setClaim("ver", jwtConfig.getVersion());
         return claims;
     }
 
diff --git a/security/src/test/java/com/networknt/security/JwtIssuerTest.java b/security/src/test/java/com/networknt/security/JwtIssuerTest.java
index cbd2256583..8de4212319 100644
--- a/security/src/test/java/com/networknt/security/JwtIssuerTest.java
+++ b/security/src/test/java/com/networknt/security/JwtIssuerTest.java
@@ -210,6 +210,18 @@ public void longlivedCcLocalPortalWithScp() throws Exception {
         System.out.println("***Long lived token for portal lightapi***: " + jwt);
     }
 
+    /**
+     * The returned token contains scp as the key for the scope. Some OAuth 2.0 provider like Okta use this claim. All scopes are separated by comma.
+     * @throws Exception
+     */
+    @Test
+    public void longlivedCcPetstoreWithScp() throws Exception {
+        JwtClaims claims = ClaimsUtil.getTestCcClaimsWithScp("f7d42348-c647-4efb-a52d-4c5787421e73", Arrays.asList("write:pets", "read:pets"));
+        claims.setExpirationTimeMinutesInTheFuture(5256000);
+        String jwt = JwtIssuer.getJwt(claims, long_kid, KeyUtil.deserializePrivateKey(long_key, KeyUtil.RSA));
+        System.out.println("***Long lived token for portal lightapi***: " + jwt);
+    }
+
     /**
      * The returned token contains scope as the key for the scope. All scopes are separated by space.
      * @throws Exception
@@ -222,6 +234,30 @@ public void longlivedCcLocalPortalScope() throws Exception {
         System.out.println("***Long lived token for portal lightapi***: " + jwt);
     }
 
+    /**
+     * The returned token contains scope as the key for the scope. All scopes are separated by space.
+     * @throws Exception
+     */
+    @Test
+    public void longlivedCcPetstoreScope() throws Exception {
+        JwtClaims claims = ClaimsUtil.getTestCcClaimsScope("f7d42348-c647-4efb-a52d-4c5787421e73", "write:pets read:pets");
+        claims.setExpirationTimeMinutesInTheFuture(5256000);
+        String jwt = JwtIssuer.getJwt(claims, long_kid, KeyUtil.deserializePrivateKey(long_key, KeyUtil.RSA));
+        System.out.println("***Long lived token for portal lightapi***: " + jwt);
+    }
+
+    /**
+     * The returned token contains scope as the key for the scope. All scopes are separated by space.
+     * @throws Exception
+     */
+    @Test
+    public void longlivedCcPetstoreScpString() throws Exception {
+        JwtClaims claims = ClaimsUtil.getTestCcClaimsScopeScp("f7d42348-c647-4efb-a52d-4c5787421e73", "write:pets read:pets");
+        claims.setExpirationTimeMinutesInTheFuture(5256000);
+        String jwt = JwtIssuer.getJwt(claims, long_kid, KeyUtil.deserializePrivateKey(long_key, KeyUtil.RSA));
+        System.out.println("***Long lived token for portal lightapi***: " + jwt);
+    }
+
     /**
      * The returned token contains scope as the key for the scope. All scopes are separated by space.
      * @throws Exception