Franco's version support

gms/src/main/java/it/inaf/ia2/gms/GmsApplication.java

 package it.inaf.ia2.gms;
 
+import it.inaf.ia2.aa.AuthConfig;
+import it.inaf.ia2.aa.ServiceLocator;
+import it.inaf.ia2.aa.UriCustomizer;
+import it.inaf.ia2.aa.jwt.QueryStringBuilder;
+import static it.inaf.ia2.gms.authn.ClientDbFilter.CLIENT_DB;
+import it.inaf.ia2.gms.exception.BadRequestException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.context.annotation.Configuration;
@@ -12,5 +20,47 @@ public class GmsApplication {
 
     public static void main(String[] args) {
         SpringApplication.run(GmsApplication.class, args);
+
+        AuthConfig authConfig = ServiceLocator.getInstance().getConfig();
+
+        final String defaultAuthorizationUri = authConfig.getUserAuthorizationUri();
+
+        authConfig.setAuthorizationUriCustomizer(new UriCustomizer() {
+
+            @Override
+            public String getBaseUri(HttpServletRequest req) {
+                // for a better security we should check for allowed redirects
+                String redirect = req.getParameter("redirect");
+                if (redirect != null) {
+                    return redirect;
+                }
+                return defaultAuthorizationUri;
+            }
+
+            @Override
+            public void customizeQueryString(HttpServletRequest req, QueryStringBuilder queryStringBuilder) {
+                String clientDb = req.getParameter(CLIENT_DB);
+                if (clientDb == null) {
+                    HttpSession session = req.getSession(false);
+                    if (session != null) {
+                        clientDb = (String) session.getAttribute(CLIENT_DB);
+                    }
+                }
+                if (clientDb == null) {
+                    throw new BadRequestException("client_db not set");
+                }
+                queryStringBuilder.param(CLIENT_DB, clientDb);
+            }
+        });
+
+        final String defaultAccessTokenUri = authConfig.getAccessTokenUri();
+
+        authConfig.setAccessTokenUriCustomizer(req -> {
+            String redirect = req.getParameter("token_uri");
+            if (redirect != null) {
+                return redirect;
+            }
+            return defaultAccessTokenUri;
+        });
     }
 }

gms/src/main/java/it/inaf/ia2/gms/authn/ClientDbFilter.java

 package it.inaf.ia2.gms.authn;
 
+import it.inaf.ia2.aa.ServiceLocator;
+import it.inaf.ia2.aa.jwt.JwksClient;
 import java.io.IOException;
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 
 public class ClientDbFilter implements Filter {
 
-    private static final String CLIENT_DB = "client_db";
+    public static final String CLIENT_DB = "client_db";
+
+    private String defaultJwksUri;
+    private JwksClient jwksClient;
+
+    @Override
+    public void init(FilterConfig filterConfig) throws ServletException {
+        defaultJwksUri = ServiceLocator.getInstance().getConfig().getJwksUri();
+        jwksClient = ServiceLocator.getInstance().getJwksClient();
+    }
 
     @Override
     public void doFilter(ServletRequest req, ServletResponse res, FilterChain fc) throws IOException, ServletException {
+
         HttpServletRequest request = (HttpServletRequest) req;
+        HttpServletResponse response = (HttpServletResponse) res;
+
         String clientDb = request.getParameter(CLIENT_DB);
         if (clientDb != null) {
             request.getSession().setAttribute(CLIENT_DB, clientDb);
+            String newUrl = defaultJwksUri.replaceAll("\\?client_name=(.*)", "?client_name=" + clientDb);
+            jwksClient.addJwksUrl(newUrl);
         }
+
         fc.doFilter(req, res);
     }
 }

gms/src/main/java/it/inaf/ia2/gms/controller/HomePageController.java

 package it.inaf.ia2.gms.controller;
 
+import static it.inaf.ia2.gms.authn.ClientDbFilter.CLIENT_DB;
 import it.inaf.ia2.gms.authn.SessionData;
 import it.inaf.ia2.gms.exception.UnauthorizedException;
 import it.inaf.ia2.gms.manager.InvitedRegistrationManager;
@@ -93,8 +94,9 @@ public class HomePageController {
 
     @GetMapping(value = "/logout", produces = MediaType.TEXT_HTML_VALUE)
     public void logout(HttpSession httpSession, HttpServletResponse response) throws IOException {
+        String clientDB = (String) httpSession.getAttribute(CLIENT_DB);
         httpSession.invalidate();
         String baseUrl = ServletUriComponentsBuilder.fromCurrentContextPath().build().toUriString();
-        response.sendRedirect(baseUrl);
+        response.sendRedirect(baseUrl + "?client_db=" + clientDB);
     }
 }