From c1002ff745d31db66a229f99c5130607dd605940 Mon Sep 17 00:00:00 2001
From: Josh Cummings
Date: Wed, 24 May 2023 15:29:15 -0600
Subject: [PATCH] Improve Error Handling

Closes gh-13143
---
 .../DefaultAuthorizationCodeTokenResponseClient.java | 7 +++++--
 ...aultAuthorizationCodeTokenResponseClientTests.java | 11 ++++++++++-
 2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationCodeTokenResponseClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationCodeTokenResponseClient.java
index a6aafb7a13..d2b7587f90 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationCodeTokenResponseClient.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationCodeTokenResponseClient.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2023 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -80,7 +80,10 @@ public final class DefaultAuthorizationCodeTokenResponseClient
 		// If AccessTokenResponse.scope is empty, then we assume all requested scopes were
 		// granted.
 		// However, we use the explicit scopes returned in the response (if any).
-		return response.getBody();
+		OAuth2AccessTokenResponse tokenResponse = response.getBody();
+		Assert.notNull(tokenResponse,
+				"The authorization server responded to this Authorization Code grant request with an empty body; as such, it cannot be materialized into an OAuth2AccessTokenResponse instance. Please check the HTTP response code in your server logs for more details.");
+		return tokenResponse;
 	}
 
 	private ResponseEntity getResponse(RequestEntity request) {
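Review bot: The added `Assert.notNull` reports a malformed token-endpoint response as an IllegalArgumentException, which reads as a caller-side contract violation rather than a server-side failure; the neighbouring `getResponse` (its body lies outside the hunk) presumably maps transport and decoding failures to OAuth2AuthorizationException, so the empty-body case would be more consistent, and would reach callers as an authentication failure rather than an unexpected runtime error, if it followed that path. At minimum the message can carry the status code it tells the reader to go find in the logs, since `response` is in scope: `Assert.notNull(tokenResponse, () -> "The authorization server responded to this Authorization Code grant request with HTTP " + response.getStatusCode() + " and an empty body; it cannot be materialized into an OAuth2AccessTokenResponse instance.");`. Surfacing the status directly also gives operators a concrete signal when a token endpoint is misconfigured or redirecting.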
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationCodeTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationCodeTokenResponseClientTests.java
index d265828f24..ef56e7fc38 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationCodeTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/DefaultAuthorizationCodeTokenResponseClientTests.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2023 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -235,6 +235,15 @@ public class DefaultAuthorizationCodeTokenResponseClientTests {
 		assertThat(formParameters).contains("client_assertion=");
 	}
 
+	// gh-13143
+	@Test
+	public void getTokenResponseWhenTokenEndpointReturnsEmptyBodyThenIllegalArgument() {
+		this.server.enqueue(new MockResponse().setResponseCode(302));
+		ClientRegistration clientRegistration = this.clientRegistration.build();
+		assertThatExceptionOfType(IllegalArgumentException.class).isThrownBy(
+				() -> this.tokenResponseClient.getTokenResponse(authorizationCodeGrantRequest(clientRegistration)));
+	}
+
 	private void configureJwtClientAuthenticationConverter(Function jwkResolver) {
 		NimbusJwtClientAuthenticationParametersConverter jwtClientAuthenticationConverter = new NimbusJwtClientAuthenticationParametersConverter<>(
 				jwkResolver);
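Review bot: The new test pins only the exception type; adding `.withMessageContaining("empty body")` to the `isThrownBy(...)` chain would stop it passing on any unrelated IllegalArgumentException raised before the body check, such as argument validation inside `getTokenResponse`. The enqueued 302 exercises the new null check only if the underlying RestTemplate does not follow the redirect, which depends on the configured request factory; a `200` with no body would cover the empty-body branch without that dependency, and the redirect could then be a separate case. The enclosing test class continues outside the hunk.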