AuthenticationRequest fails to parse request with redirect_uri in request object
Issue #113
resolved
AuthenticationRequest.parse throws an exception if it can't find a redirect_uri parameter in the query. This is too strict, as although the redirect_uri is required, it is permitted to pass it via the request or request_uri parameters instead of including it in the URI.
An example of this is shown in section 6.2.2: http://openid.net/specs/openid-connect-core-1_0.html#UseRequestUri
This code attempts to parse the query from the example in 6.2.2, but fails with a ParseException at line 1050:
String query =
    "response_type=code%20id_token" +
    "&client_id=s6BhdRkqt3" +
    "&request_uri=https%3A%2F%2Fclient.example.org%2Frequest.jwt" +
    "%23GkurKxf5T0Y-mnPFCHqWOMiZi4VS138cQO_V7PZHAdM" +
    "&state=af0ifjsldkj&nonce=n-0S6_WzA2Mj" +
    "&scope=openid";

AuthenticationRequest request = AuthenticationRequest.parse(query);
Comments (3)
- changed status to open
- changed status to resolved
Fixed in commit 5569c96.
Thanks for reporting this. We'll check the code to see how this can be fixed.
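The relaxed check the issue asks for, sketched as an added example; it is not the SDK's code and not the change made in commit 5569c96. The class and method names (RelaxedRedirectUriCheck, parseQuery, redirectUriDeferred) are hypothetical. It treats a missing redirect_uri as an error only when neither request nor request_uri is present, and reports when the value still has to come from the request object:

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Map;

// Added illustration only; hypothetical names, no SDK classes are used.
public class RelaxedRedirectUriCheck {

    // Decode a form-urlencoded query string; repeated parameters are rejected.
    static Map<String, String> parseQuery(String query) {
        Map<String, String> params = new HashMap<>();
        for (String pair : query.split("&")) {
            if (pair.isEmpty()) continue;
            int eq = pair.indexOf('=');
            String key = URLDecoder.decode(eq < 0 ? pair : pair.substring(0, eq), StandardCharsets.UTF_8);
            String val = URLDecoder.decode(eq < 0 ? "" : pair.substring(eq + 1), StandardCharsets.UTF_8);
            if (params.put(key, val) != null)
                throw new IllegalArgumentException("Duplicate parameter: " + key);
        }
        return params;
    }

    // Returns true when redirect_uri is absent from the query and must be
    // supplied by the request object (passed by value or by reference).
    static boolean redirectUriDeferred(Map<String, String> p) {
        // response_type and client_id stay mandatory in the query itself.
        for (String required : new String[] {"response_type", "client_id"})
            if (!p.containsKey(required))
                throw new IllegalArgumentException("Missing " + required);
        boolean byValue = p.containsKey("request");
        boolean byReference = p.containsKey("request_uri");
        if (byValue && byReference)
            throw new IllegalArgumentException("request and request_uri must not be used together");
        if (p.containsKey("redirect_uri")) return false;
        if (!byValue && !byReference)
            throw new IllegalArgumentException("Missing redirect_uri");
        return true; // still required once the request object has been resolved
    }

    public static void main(String[] args) {
        // Query from section 6.2.2 of OpenID Connect Core, as quoted in the issue.
        String query = "response_type=code%20id_token&client_id=s6BhdRkqt3"
            + "&request_uri=https%3A%2F%2Fclient.example.org%2Frequest.jwt"
            + "%23GkurKxf5T0Y-mnPFCHqWOMiZi4VS138cQO_V7PZHAdM"
            + "&state=af0ifjsldkj&nonce=n-0S6_WzA2Mj&scope=openid";
        Map<String, String> p = parseQuery(query);
        System.out.println("redirect_uri deferred to request object: " + redirectUriDeferred(p));
        System.out.println("request_uri = " + p.get("request_uri"));
    }
}
```

When the method returns true, the server still has to obtain redirect_uri from the resolved request object and match it against the client's registered redirect URIs before issuing any redirect.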