Exception thrown when calling AuthorizationServerMetadata.parse

Issue #373 invalid
Shaoyun Li created an issue

When AuthorizationServerMetadata.parse is called at lines 2041-2042 of AuthorizationServerMetadata.java (https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions/annotate/master/src/main/java/com/nimbusds/oauth2/sdk/as/AuthorizationServerMetadata.java?at=master), a ParseException is thrown: Unexpected type of JSON object member with key "mtls_endpoint_aliases".

This is because in the code

    if (jsonObject.get("mtls_endpoint_aliases") != null)
        as.mtlsEndpointAliases = AuthorizationServerEndpointMetadata.parse(JSONObjectUtils.getJSONObject(jsonObject, "mtls_endpoint_aliases"));

JSONObjectUtils.getJSONObject(jsonObject, "mtls_endpoint_aliases") returns a LinkedHashMap rather than a JSONObject. However, AuthorizationServerEndpointMetadata.parse expects a JSONObject.

The correct code on line 2042 should convert the LinkedHashMap to a JSONObject and then pass it to the parse function, for example:

    AuthorizationServerEndpointMetadata.parse(JSONObjectUtils.parse(JSONObject.toJSONString((LinkedHashMap)jsonObject.get("mtls_endpoint_aliases"))))

We are currently completely stuck with this error when using the SDK in our project. Could you please have a look to see if it can be fixed and released quickly so that we can make progress on our project?

Thanks very much!

Comments (13)

  1. Yavor Vasilev

    Can you paste a mini test that shows the bug?

    Added a round-trip test that does parsing from String and JSONObject and there is no unexpected exception: b519b418

  2. Shaoyun Li reporter

    I just found out the issue is not a real problem. For some reason, the SDK installed in our project was version 7.1.3 rather than version 9.9.1, which we tried to use. It might be caused by the dependency installation of an SDK referenced by our project. When we correctly upgraded the package, the ParseException was gone.

    Thanks a lot for looking into it. Could you please close the ticket?

  3. Shaoyun Li reporter

    Due to the out-of-date version being used wrongly, the issue is not a problem anymore. Sorry for raising the issue without checking the version carefully.

  4. Yavor Vasilev

    That's alright. Every now and then we get issues reported that end up resolving when the correct version is applied.
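
Added example (not part of the thread or the SDK's own code): a JDK-only check for the situation described in comments 2 to 4, where a transitive dependency put a different SDK version on the classpath than the one declared. The class name `WhichSdk` is hypothetical; the version line prints `null` when the jar's manifest carries no Implementation-Version.

```java
import java.net.URL;
import java.security.CodeSource;
import java.util.Collections;
import java.util.List;

// Hypothetical diagnostic class: run it with the same classpath as the application.
public class WhichSdk {

    // Class named in this issue; pass another fully qualified name as args[0] to check a different library.
    static final String DEFAULT_CLASS = "com.nimbusds.oauth2.sdk.as.AuthorizationServerMetadata";

    /** Returns every classpath location that provides the given class file. */
    static List<URL> providers(String className, ClassLoader cl) throws Exception {
        String resource = className.replace('.', '/') + ".class";
        return Collections.list(cl.getResources(resource));
    }

    public static void main(String[] args) throws Exception {
        String name = args.length > 0 ? args[0] : DEFAULT_CLASS;
        ClassLoader cl = WhichSdk.class.getClassLoader();

        // Load without initializing, then ask the JVM where the class actually came from.
        Class<?> c = Class.forName(name, false, cl);
        CodeSource src = c.getProtectionDomain().getCodeSource();
        System.out.println("loaded from : " + (src != null ? src.getLocation() : "(no code source)"));

        // Implementation-Version comes from the jar manifest and may be absent.
        Package p = c.getPackage();
        System.out.println("version     : " + (p != null ? p.getImplementationVersion() : null));

        // More than one provider means two jars (often two versions) ship the same class.
        List<URL> all = providers(name, cl);
        for (URL u : all) {
            System.out.println("provided by : " + u);
        }
        if (all.size() > 1) {
            System.out.println("WARNING: " + all.size() + " classpath entries provide " + name
                    + "; the first one wins, check the resolved dependency versions.");
        }
    }
}
```

Comparing the `loaded from` jar name with the version declared in the build file shows immediately whether the declared upgrade actually took effect at runtime.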

  5. Daniel Scheibe

    Hello,

    I’ve faced this issue when trying to read data from an issuer URL of a Keycloak of the latest version. The data from Keycloak for the property “mtls_endpoint_aliases” looks like this:

      "mtls_endpoint_aliases":{
        "token_endpoint":"https://keycloakdomain/auth/realms/tcw/protocol/openid-connect/token",
        "revocation_endpoint":"https://keycloakdomain/auth/realms/tcw/protocol/openid-connect/revoke",
        "introspection_endpoint":"https://keycloakdomain/auth/realms/tcw/protocol/openid-connect/token/introspect",
        "device_authorization_endpoint":"https://keycloakdomain/auth/realms/tcw/protocol/openid-connect/auth/device",
        "registration_endpoint":"https://keycloakdomain/auth/realms/tcw/clients-registrations/openid-connect",
        "userinfo_endpoint":"https://keycloakdomain/auth/realms/tcw/protocol/openid-connect/userinfo",
        "pushed_authorization_request_endpoint":"https://keycloakdomain/auth/realms/tcw/protocol/openid-connect/ext/par/request",
        "backchannel_authentication_endpoint":"https://keycloakdomain/auth/realms/tcw/protocol/openid-connect/ext/ciba/auth"
      }
    

    But the parse function of the class in the latest version will try to read the following properties:

        public static AuthorizationServerEndpointMetadata parse(final JSONObject jsonObject)
            throws ParseException {
    
            AuthorizationServerEndpointMetadata as = new AuthorizationServerEndpointMetadata();
            as.authzEndpoint = JSONObjectUtils.getURI(jsonObject, "authorization_endpoint", null);
            as.tokenEndpoint = JSONObjectUtils.getURI(jsonObject, "token_endpoint", null);
            as.regEndpoint = JSONObjectUtils.getURI(jsonObject, "registration_endpoint", null);
            as.introspectionEndpoint = JSONObjectUtils.getURI(jsonObject, "introspection_endpoint", null);
            as.revocationEndpoint = JSONObjectUtils.getURI(jsonObject, "revocation_endpoint", null);
            as.requestObjectEndpoint = JSONObjectUtils.getURI(jsonObject, "request_object_endpoint", null);
            as.parEndpoint = JSONObjectUtils.getURI(jsonObject, "pushed_authorization_request_endpoint", null);
            as.deviceAuthzEndpoint = JSONObjectUtils.getURI(jsonObject, "device_authorization_endpoint", null);
            as.backChannelAuthEndpoint = JSONObjectUtils.getURI(jsonObject, "backchannel_authentication_endpoint", null);
            return as;
        }
    

    If I understand the processes in JSONObjectUtils correctly, already trying to read the “authorization_endpoint” leads to a ParseException.

    Can you confirm this? Is there a workaround or should this be fixed?

    Best regards,
    Daniel

  6. Yavor Vasilev

    Will add a test to see what’s going on.

    Do you have the complete OP metadata JSON object returned from the server?

  7. Yavor Vasilev

    That's alright, thanks for the update. I'm closing the issue for now, but if there is indeed a bug here we'll fix it. Just give us a test vector and a stack trace.
