Posted to commits@cxf.apache.org by co...@apache.org on 2021/01/26 08:11:04 UTC

[cxf] branch 3.4.x-fixes updated: CXF-8413 - Throw an error if there is no IdToken available for the Implicit/Hybrid flows if required

This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch 3.4.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git


The following commit(s) were added to refs/heads/3.4.x-fixes by this push:
     new 474b8c2  CXF-8413 - Throw an error if there is no IdToken available for the Implicit/Hybrid flows if required
474b8c2 is described below

commit 474b8c2c9c7e6fa0cffc01ec9cf5a18b5f7e5f4c
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Tue Jan 26 07:05:36 2021 +0000

    CXF-8413 - Throw an error if there is no IdToken available for the Implicit/Hybrid flows if required
    
    (cherry picked from commit 6255de2a14e5e7ba06e490dcb54eaa0b8c1ebe99)
---
 .../org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java
index bf84bcd..b2cfb73 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java
@@ -29,6 +29,7 @@ import java.util.logging.Level;
 import javax.ws.rs.core.MultivaluedMap;
 import javax.ws.rs.core.Response;
 
+import org.apache.cxf.jaxrs.utils.ExceptionUtils;
 import org.apache.cxf.jaxrs.utils.JAXRSUtils;
 import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
 import org.apache.cxf.rs.security.jose.jws.JwsUtils;
@@ -134,7 +135,11 @@ public class OidcImplicitService extends ImplicitGrantService {
                                              getApprovedScope(requestedScope, approvedScope));
         if (idToken != null) {
             sb.append(OidcUtils.ID_TOKEN).append('=').append(idToken);
+        } else if (state.getResponseType().contains(OidcUtils.ID_TOKEN_RESPONSE_TYPE)) {
+            LOG.warning("No IdToken available. Did you configure a IdTokenProvider implementation?");
+            throw ExceptionUtils.toInternalServerErrorException(null, null);
         }
+
         finalizeResponse(sb, state);
         return sb;
     }
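Review bot: The warning logged in the new `else if` branch carries no request context, so an operator who sees it cannot tell which response type or flow hit the missing provider; something like `LOG.warning("No IdToken available for response_type '" + state.getResponseType() + "'. Did you configure an IdTokenProvider implementation?");` would make it easier to triage. The identical check and message are repeated in the hunk at -153, so a small private helper (for example `checkIdTokenAvailable(idToken, state)`) would keep the two enforcement points from drifting apart. The method starts outside this hunk; if an access token has already been created earlier in it, throwing here presumably leaves that token stored but never delivered, which is worth confirming. Failing closed with a 500 is sound, though the relying party gets no OAuth-style `server_error` on its redirect URI.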
@@ -153,6 +158,10 @@ public class OidcImplicitService extends ImplicitGrantService {
         // id_token response type processing
         String idToken = getProcessedIdToken(state, userSubject,
                                              getApprovedScope(requestedScope, approvedScope));
+        if (idToken == null && state.getResponseType().contains(OidcUtils.ID_TOKEN_RESPONSE_TYPE)) {
+            LOG.warning("No IdToken available. Did you configure a IdTokenProvider implementation?");
+            throw ExceptionUtils.toInternalServerErrorException(null, null);
+        }
         FormIdTokenResponse response = new FormIdTokenResponse();
         response.setIdToken(idToken);
         response.setResponseType(state.getResponseType());
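Review bot: `state.getResponseType().contains(OidcUtils.ID_TOKEN_RESPONSE_TYPE)` looks like a substring test on the raw `response_type` string rather than a membership test on its space-delimited values, and it dereferences the value without a null check; the same expression is used in the `else if` of the previous hunk. If `getResponseType()` returns a `String` here, comparing exact tokens, e.g. `Arrays.asList(state.getResponseType().split(" ")).contains(OidcUtils.ID_TOKEN_RESPONSE_TYPE)` (with a `java.util.Arrays` import), ties the enforcement to the values the client actually requested. The enclosing method begins and ends outside this hunk, so whether the response type is already validated as non-null upstream cannot be seen from here.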