AuthenticationResponseParser does not support relative URIs as documented
The documentation for com.nimbusds.openid.connect.sdk.AuthenticationResponseParser.parse(URI) claims support for relative URIs of the form "http://?code=Qcb0Orv1...&state=af0ifjsldkj", but when using such an URI the following stacktrace is the result:
java.lang.IllegalArgumentException: The redirection URI must not be null
at com.nimbusds.oauth2.sdk.AuthorizationResponse.<init>(AuthorizationResponse.java:62)
at com.nimbusds.oauth2.sdk.AuthorizationSuccessResponse.<init>(AuthorizationSuccessResponse.java:83)
at com.nimbusds.oauth2.sdk.AuthorizationSuccessResponse.parse(AuthorizationSuccessResponse.java:215)
at com.nimbusds.openid.connect.sdk.AuthenticationSuccessResponse.parse(AuthenticationSuccessResponse.java:215)
at com.nimbusds.openid.connect.sdk.AuthenticationResponseParser.parse(AuthenticationResponseParser.java:48)
at com.nimbusds.openid.connect.sdk.AuthenticationResponseParser.parse(AuthenticationResponseParser.java:100)
Comments (6)
-
-
- changed status to open
-
- changed status to invalid
Please use
https:///path/
instead ofhttps://path/
.See commit b591c9a for a test case.
Happy coding!
-
reporter Thanks for the clarification! Might be worth updating the docs too, see https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions/src/d72f51dd540fe403bd4c20e750e4a52f2080b4f1/src/main/java/com/nimbusds/openid/connect/sdk/AuthenticationResponseParser.java?at=master&fileviewer=file-view-default#AuthenticationResponseParser.java-59 (the example is missing the triple slash after the scheme of the URL).
-
Yep, we noticed the docs were actually in error, in several places: see commit f0a2c7f.
Thanks,
-
reporter Thanks for the quick fixes!
- Log in to comment
Thanks for reporting this. We need to check what is the right course of action here.