OidcConfigurationProvider improve invalid issuer error

Issue: gh-5355
2018-05-18 11:21:45 -05:00 · 2018-05-18 11:21:45 -05:00 · db889973a8
parent 18c8af8f0d
commit db889973a8
2 changed files with 15 additions and 2 deletions
--- a/config/src/main/java/org/springframework/security/config/oauth2/client/oidc/OidcConfigurationProvider.java
+++ b/config/src/main/java/org/springframework/security/config/oauth2/client/oidc/OidcConfigurationProvider.java
@ -68,8 +68,7 @@ public final class OidcConfigurationProvider {
 	 * @return a {@link ClientRegistration.Builder} that was initialized by the OpenID Provider Configuration.
 	 */
 	public static ClientRegistration.Builder issuer(String issuer) {
-		RestTemplate rest = new RestTemplate();
-		String openidConfiguration = rest.getForObject(issuer + "/.well-known/openid-configuration", String.class);
+		String openidConfiguration = getOpenidConfiguration(issuer);
 		OIDCProviderMetadata metadata = parse(openidConfiguration);
 		String name = URI.create(issuer).getHost();
 		ClientAuthenticationMethod method = getClientAuthenticationMethod(issuer, metadata.getTokenEndpointAuthMethods());
@ -92,6 +91,14 @@ public final class OidcConfigurationProvider {
 				.clientName(issuer);
 	}

+	private static String getOpenidConfiguration(String issuer) {
+		RestTemplate rest = new RestTemplate();
+		try {
+			return rest.getForObject(issuer + "/.well-known/openid-configuration", String.class);
+		} catch(RuntimeException e) {
+			throw new IllegalArgumentException("Unable to resolve the OpenID Configuration with the provided Issuer of \"" + issuer + "\"", e);
+		}
+	}

 	private static ClientAuthenticationMethod getClientAuthenticationMethod(String issuer, List<com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod> metadataAuthMethods) {
 		if (metadataAuthMethods == null || metadataAuthMethods.contains(com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod.CLIENT_SECRET_BASIC)) {
--- a/config/src/test/java/org/springframework/security/config/oauth2/client/oidc/OidcConfigurationProviderTests.java
+++ b/config/src/test/java/org/springframework/security/config/oauth2/client/oidc/OidcConfigurationProviderTests.java
@ -202,6 +202,12 @@ public class OidcConfigurationProviderTests {
 				.hasMessageContaining("Only ClientAuthenticationMethod.BASIC and ClientAuthenticationMethod.POST are supported. The issuer \"" + this.issuer + "\" returned a configuration of [tls_client_auth]");
 	}

+	@Test
+	public void issuerWhenEmptyStringThenMeaningfulErrorMessage() {
+		assertThatThrownBy(() -> OidcConfigurationProvider.issuer(""))
+			.hasMessageContaining("Unable to resolve the OpenID Configuration with the provided Issuer of \"\"");
+	}
+
 	private ClientRegistration registration(String path) throws Exception {
 		String body = this.mapper.writeValueAsString(this.response);
 		MockResponse mockResponse = new MockResponse()