- changed status to open
IDDocumentEvidence.parse() throws exception, if optional elements are missing
Issue #305
resolved
According to OpenID Connect for Identity Assurance 1.0, section 5.1.1.1 and the corresponding JSON schema, only the type element is required in an id_document evidence. However, com.nimbusds.openid.connect.sdk.assurance.evidences.IDDocumentEvidence.parse(JSONObject) throws a ParseException if the method element is missing.
As a result com.nimbusds.openid.connect.sdk.claims.UserInfo.getVerifiedClaims() returns null, if the claims set contains an ID document evidence that has no method element.
By the way, the same problem goes for the document element, which is optional, too.
To fix this,
-
com.nimbusds.openid.connect.sdk.assurance.evidences.IDDocumentEvidence.<init>(IdentityVerificationMethod, IdentityVerifier, DateWithTimeZoneOffset, IDDocumentDescription)must not assert thatmethodandidDocumentare not null. -
com.nimbusds.openid.connect.sdk.assurance.evidences.IDDocumentEvidence.parse(JSONObject)must initializemethodandidDocumentonly if the input JSON document has the corresponding members. -
com.nimbusds.openid.connect.sdk.assurance.evidences.IDDocumentEvidence.toJSONObject()must not addmethodanddocumentto the JSON object if the corresponding fields are null.
Comments (2)
-
-
- changed status to resolved
Fixed in 7d7dc29, released in 8.16.1.
Happy coding,
- Log in to comment
Thanks for the detailed report!