Posted to commits@cxf.apache.org by co...@apache.org on 2021/01/26 08:11:04 UTC
[cxf] branch 3.4.x-fixes updated: CXF-8413 - Throw an error if
there is no IdToken available for the Implicit/Hybrid flows if required
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch 3.4.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git
The following commit(s) were added to refs/heads/3.4.x-fixes by this push:
new 474b8c2 CXF-8413 - Throw an error if there is no IdToken available for the Implicit/Hybrid flows if required
474b8c2 is described below
commit 474b8c2c9c7e6fa0cffc01ec9cf5a18b5f7e5f4c
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Tue Jan 26 07:05:36 2021 +0000
CXF-8413 - Throw an error if there is no IdToken available for the Implicit/Hybrid flows if required
(cherry picked from commit 6255de2a14e5e7ba06e490dcb54eaa0b8c1ebe99)
---
.../org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java
index bf84bcd..b2cfb73 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java
@@ -29,6 +29,7 @@ import java.util.logging.Level;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
+import org.apache.cxf.jaxrs.utils.ExceptionUtils;
import org.apache.cxf.jaxrs.utils.JAXRSUtils;
import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
import org.apache.cxf.rs.security.jose.jws.JwsUtils;
@@ -134,7 +135,11 @@ public class OidcImplicitService extends ImplicitGrantService {
getApprovedScope(requestedScope, approvedScope));
if (idToken != null) {
sb.append(OidcUtils.ID_TOKEN).append('=').append(idToken);
+ } else if (state.getResponseType().contains(OidcUtils.ID_TOKEN_RESPONSE_TYPE)) {
+ LOG.warning("No IdToken available. Did you configure a IdTokenProvider implementation?");
+ throw ExceptionUtils.toInternalServerErrorException(null, null);
}
+
finalizeResponse(sb, state);
return sb;
}
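Review bot: The `state.getResponseType().contains(OidcUtils.ID_TOKEN_RESPONSE_TYPE)` test in the new `else if` is a substring match on the raw response_type string, and the same test, warning and throw are repeated verbatim in the next hunk (-153,6 +158,10). response_type is a space-delimited list, so comparing whole values is the more defensive form. A single private helper would also keep the two fail-closed paths from drifting apart. The sketch below shows one way to do it. The enclosing methods start outside both hunks, so check the helper's placement, and whether `LOG` is reachable from it, against the full file.

```java
// … unchanged: getProcessedIdToken call …
requireIdTokenIfRequested(idToken, state.getResponseType());
// … unchanged: append id_token when present, finalizeResponse …

private void requireIdTokenIfRequested(String idToken, String responseType) {
    if (idToken != null) {
        return;
    }
    // response_type is space-delimited; match whole values rather than substrings
    for (String type : responseType.trim().split("\\s+")) {
        if (OidcUtils.ID_TOKEN_RESPONSE_TYPE.equals(type)) {
            LOG.warning("No IdToken available. Did you configure a IdTokenProvider implementation?");
            throw ExceptionUtils.toInternalServerErrorException(null, null);
        }
    }
}
```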
@@ -153,6 +158,10 @@ public class OidcImplicitService extends ImplicitGrantService {
// id_token response type processing
String idToken = getProcessedIdToken(state, userSubject,
getApprovedScope(requestedScope, approvedScope));
+ if (idToken == null && state.getResponseType().contains(OidcUtils.ID_TOKEN_RESPONSE_TYPE)) {
+ LOG.warning("No IdToken available. Did you configure a IdTokenProvider implementation?");
+ throw ExceptionUtils.toInternalServerErrorException(null, null);
+ }
FormIdTokenResponse response = new FormIdTokenResponse();
response.setIdToken(idToken);
response.setResponseType(state.getResponseType());
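Review bot: The warning logged by the new check says nothing about which request hit the missing provider, and the exception is built with `(null, null)`, so an operator who sees the 500 has only a generic line to correlate it with. Including the server-side client identifier would make the misconfiguration traceable, for example `LOG.warning("No IdToken available for client " + state.getClientId() + ". Did you configure an IdTokenProvider implementation?");`, assuming the state object exposes the client id and that it has already been validated against a registered client by this point. Neither is visible in the hunk. Raw request parameters should stay out of the message. The same applies to the identical warning in the previous hunk.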