token reuse

mmouly · mmouly · commit 9f48214c9aef · 2024-11-19T09:01:19.000+01:00
diff --git a/authentication/AzureAD/templates/openIdWebSecurity.xml b/authentication/AzureAD/templates/openIdWebSecurity.xml
@@ -6,7 +6,7 @@
   <!-- Open ID Connect -->
   <!-- Client with inbound propagation set to supported -->
   <openidConnectClient authFilterRef="browserAuthFilter" id="odm" scope="openid" accessTokenInLtpaCookie="true"
-                       clientId="AZUREAD_CLIENT_ID" clientSecret="AZUREAD_CLIENT_SECRET"
+                       clientId="AZUREAD_CLIENT_ID" clientSecret="AZUREAD_CLIENT_SECRET" tokenReuse="true"
                        signatureAlgorithm="RS256" inboundPropagation="supported"
                        jwkEndpointUrl="${ServerHost}/discovery/v2.0/keys"
                        issuerIdentifier="${ServerHost}/v2.0"
@@ -16,7 +16,7 @@
 
   <!-- Client with inbound propagation set to required -->
   <openidConnectClient authFilterRef="apiAuthFilter" id="odmapi" scope="openid"
-                       clientId="AZUREAD_CLIENT_ID" clientSecret="AZUREAD_CLIENT_SECRET"
+                       clientId="AZUREAD_CLIENT_ID" clientSecret="AZUREAD_CLIENT_SECRET" tokenReuse="true"
                        signatureAlgorithm="RS256" inboundPropagation="required"
                        jwkEndpointUrl="${ServerHost}/discovery/v2.0/keys"
                        issuerIdentifier="${ServerHost}/v2.0"
diff --git a/authentication/AzureAD/templates_for_privatekeyjwt/openIdWebSecurity.xml b/authentication/AzureAD/templates_for_privatekeyjwt/openIdWebSecurity.xml
@@ -9,7 +9,7 @@
                        clientId="AZUREAD_CLIENT_ID" tokenEndpointAuthMethod="private_key_jwt" keyAliasName="myodmcompany" sslRef="odmDefaultSSLConfig"
                        signatureAlgorithm="RS256" inboundPropagation="supported"
                        jwkEndpointUrl="${ServerHost}/discovery/v2.0/keys"
-                       issuerIdentifier="${ServerHost}/v2.0"
+                       issuerIdentifier="${ServerHost}/v2.0" tokenReuse="true"
                        authorizationEndpointUrl="${ServerHost}/oauth2/v2.0/authorize"
                        tokenEndpointUrl="${ServerHost}/oauth2/v2.0/token"
                        userIdentifier="email" groupIdentifier="groups" audiences="ALL_AUDIENCES"/>
@@ -19,7 +19,7 @@
                        clientId="AZUREAD_CLIENT_ID"
                        signatureAlgorithm="RS256" inboundPropagation="required"
                        jwkEndpointUrl="${ServerHost}/discovery/v2.0/keys"
-                       issuerIdentifier="${ServerHost}/v2.0"
+                       issuerIdentifier="${ServerHost}/v2.0" tokenReuse="true"
                        authorizationEndpointUrl="${ServerHost}/oauth2/v2.0/authorize"
                        tokenEndpointUrl="${ServerHost}/oauth2/v2.0/token"
                        userIdentifier="identity" groupIdentifier="groups" audiences="ALL_AUDIENCES"/>
