1. connect2id Avatar connect2id
  2. OAuth
  3. OAuth 2.0 SDK with OpenID Connect extensions
  4. Issues

In com.nimbusds.openid.connect.sdk.AuthenticationRequest, privateKeyJWTAuth is still parsed but not used

Issue #307 resolved
D Laurent created an issue

In com.nimbusds.openid.connect.sdk.AuthenticationRequest, privateKeyJWTAuth is still parsed but not used.

{code}PrivateKeyJWT privateKeyJWTAuth = null;
if (params.containsKey("client_assertion") &&
params.containsKey("client_assertion_type") &&
JWTAuthentication.CLIENT_ASSERTION_TYPE.equals(MultivaluedMapUtils.getFirstValue(params, "client_assertion_type"))) {

try {
privateKeyJWTAuth = PrivateKeyJWT.parse(params);
} catch (ParseException e) {
String msg = "Invalid client private_key_jwt authentication: " + e.getMessage();
throw new ParseException(msg, OAuth2Error.INVALID_REQUEST.appendDescription(": " + msg),
ar.getClientID(), ar.getRedirectionURI(), ar.impliedResponseMode(), ar.getState());
}
}{code}

privateKeyJWTAuth is not stored, so seems like dead code resulting from the removal of the privateKeyJWTAuth field for OIDC Federation.

Comments (2)

  3. Log in to comment
Assignee
Type
bug
Priority
minor
Status
resolved
Milestone
Votes
0
Watchers
1
Jira: the preferred issue tracker for Bitbucket. Join the team!