Issue #8216 - make processing of metadata in OpenIdConfiguration extensible

Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Lachlan Roberts 2022-06-29 18:24:51 +10:00
parent 2dfbea1bc4
commit b2aa22fd8f
1 changed files with 25 additions and 20 deletions


@ -116,35 +116,33 @@ public class OpenIdConfiguration extends ContainerLifeCycle
if (authEndpoint == null || tokenEndpoint == null)
{
Map<String, Object> discoveryDocument = fetchOpenIdConnectMetadata(issuer, httpClient);
authEndpoint = (String)discoveryDocument.get("authorization_endpoint");
if (authEndpoint == null)
throw new IllegalArgumentException("authorization_endpoint");
tokenEndpoint = (String)discoveryDocument.get("token_endpoint");
if (tokenEndpoint == null)
throw new IllegalArgumentException("token_endpoint");
if (!Objects.equals(discoveryDocument.get("issuer"), issuer))
LOG.warn("The issuer in the metadata is not correct.");
Map<String, Object> discoveryDocument = fetchOpenIdConnectMetadata();
processMetadata(discoveryDocument);
}
}
private static HttpClient newHttpClient()
protected void processMetadata(Map<String, Object> discoveryDocument)
{
ClientConnector connector = new ClientConnector();
connector.setSslContextFactory(new SslContextFactory.Client(false));
return new HttpClient(new HttpClientTransportOverHTTP(connector));
authEndpoint = (String)discoveryDocument.get("authorization_endpoint");
if (authEndpoint == null)
throw new IllegalArgumentException("authorization_endpoint");
tokenEndpoint = (String)discoveryDocument.get("token_endpoint");
if (tokenEndpoint == null)
throw new IllegalArgumentException("token_endpoint");
if (!Objects.equals(discoveryDocument.get("issuer"), issuer))
LOG.warn("The issuer in the metadata is not correct.");
}
private static Map<String, Object> fetchOpenIdConnectMetadata(String provider, HttpClient httpClient)
protected Map<String, Object> fetchOpenIdConnectMetadata()
{
String provider = issuer;
if (provider.endsWith("/"))
provider = provider.substring(0, provider.length() - 1);
try
{
if (provider.endsWith("/"))
provider = provider.substring(0, provider.length() - 1);
Map<String, Object> result;
String responseBody = httpClient.GET(provider + CONFIG_PATH).getContentAsString();
Object parsedResult = new JSON().fromJSON(responseBody);
@ -227,6 +225,13 @@ public class OpenIdConfiguration extends ContainerLifeCycle
this.authenticateNewUsers = authenticateNewUsers;
}
private static HttpClient newHttpClient()
{
ClientConnector connector = new ClientConnector();
connector.setSslContextFactory(new SslContextFactory.Client(false));
return new HttpClient(new HttpClientTransportOverHTTP(connector));
}
@Override
public String toString()
{
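Review bot: `processMetadata` still only logs a warning when the `issuer` in the discovery document differs from the configured one, and it keeps the `authorization_endpoint` and `token_endpoint` taken from that same document. OpenID Connect Discovery requires the returned issuer to be identical to the one used to fetch the metadata, so a mismatch should reject the document, e.g. `throw new IllegalArgumentException("issuer mismatch");`, and the check is better placed before the endpoint fields are assigned. Now that the method is a `protected` extension point, a Javadoc comment stating that overrides must populate both endpoints and keep the issuer check would help subclass authors. The `(String)` casts will also raise `ClassCastException` rather than `IllegalArgumentException` if the metadata holds a non-string value.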