Eclipse
/
jetty.project
mirror of https://github.com/jetty/jetty.project.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Issue #8216 - changes from review 

Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
This commit is contained in:
Lachlan Roberts 2022-07-04 13:44:56 +10:00
parent 057519f985
commit ec14acb322
1 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
jetty-openid/src/main/java/org/eclipse/jetty/security/openid/OpenIdConfiguration.java
View File

@ -128,17 +128,19 @@ public class OpenIdConfiguration extends ContainerLifeCycle
* Process the OpenID Connect metadata discovered by {@link #fetchOpenIdConnectMetadata()}. * Process the OpenID Connect metadata discovered by {@link #fetchOpenIdConnectMetadata()}.
* By default, only the {@link #AUTHORIZATION_ENDPOINT} and {@link #TOKEN_ENDPOINT} claims are extracted. * By default, only the {@link #AUTHORIZATION_ENDPOINT} and {@link #TOKEN_ENDPOINT} claims are extracted.
* @see <a href="https://openid.net/specs/openid-connect-discovery-1_0.html">OpenID Connect Discovery 1.0</a> * @see <a href="https://openid.net/specs/openid-connect-discovery-1_0.html">OpenID Connect Discovery 1.0</a>
* @throws IllegalStateException if a required field is not present in the metadata.
*/ */
protected void processMetadata(Map<String, Object> discoveryDocument) protected void processMetadata(Map<String, Object> discoveryDocument)
{ {
authEndpoint = (String)discoveryDocument.get(AUTHORIZATION_ENDPOINT); authEndpoint = (String)discoveryDocument.get(AUTHORIZATION_ENDPOINT);
if (authEndpoint == null) if (authEndpoint == null)
throw new IllegalArgumentException(AUTHORIZATION_ENDPOINT); throw new IllegalStateException(AUTHORIZATION_ENDPOINT);
tokenEndpoint = (String)discoveryDocument.get(TOKEN_ENDPOINT); tokenEndpoint = (String)discoveryDocument.get(TOKEN_ENDPOINT);
if (tokenEndpoint == null) if (tokenEndpoint == null)
throw new IllegalArgumentException(TOKEN_ENDPOINT); throw new IllegalStateException(TOKEN_ENDPOINT);
// We are lenient and not throw here as some major OIDC providers do not conform to this.
if (!Objects.equals(discoveryDocument.get(ISSUER), issuer)) if (!Objects.equals(discoveryDocument.get(ISSUER), issuer))
LOG.warn("The issuer in the metadata is not correct."); LOG.warn("The issuer in the metadata is not correct.");
} }
@ -146,6 +148,7 @@ public class OpenIdConfiguration extends ContainerLifeCycle
/** /**
* Obtain the JSON metadata from OpenID Connect Discovery Configuration Endpoint. * Obtain the JSON metadata from OpenID Connect Discovery Configuration Endpoint.
* @return a set of Claims about the OpenID Provider's configuration in JSON format. * @return a set of Claims about the OpenID Provider's configuration in JSON format.
* @throws IllegalStateException if metadata could not be fetched from the OP.
*/ */
protected Map<String, Object> fetchOpenIdConnectMetadata() protected Map<String, Object> fetchOpenIdConnectMetadata()
{ {
@ -177,7 +180,7 @@ public class OpenIdConfiguration extends ContainerLifeCycle
} }
catch (Exception e) catch (Exception e)
{ {
throw new IllegalArgumentException("invalid identity provider " + provider, e); throw new IllegalStateException("invalid identity provider " + provider, e);
} }
} }