Invalid scope is throwing a strange exception
I am using WebClient to get a token from Azure. I started getting back the following error saying there are illegal characters in the description. It looks like this may be coming from the error message and is similar to https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions/issues/338/authorizationgrantparse-with-a-map-missing. The actual error was due to an invalid scope.
java.lang.IllegalArgumentException: Illegal char(s) in description, see RFC 6749, section 5.2
at com.nimbusds.oauth2.sdk.ErrorObject.<init>(ErrorObject.java:152) ~[oauth2-oidc-sdk-9.28.jar:9.28]
Suppressed: reactor.core.publisher.FluxOnAssembly$OnAssemblyException:
Original Stack Trace:
at com.nimbusds.oauth2.sdk.ErrorObject.<init>(ErrorObject.java:152) ~[oauth2-oidc-sdk-9.28.jar:9.28]
at com.nimbusds.oauth2.sdk.TokenErrorResponse.parse(TokenErrorResponse.java:220) ~[oauth2-oidc-sdk-9.28.jar:9.28]
at com.nimbusds.oauth2.sdk.TokenResponse.parse(TokenResponse.java:77) ~[oauth2-oidc-sdk-9.28.jar:9.28]
at org.springframework.security.oauth2.core.web.reactive.function.OAuth2AccessTokenResponseBodyExtractor.parse(OAuth2AccessTokenResponseBodyExtractor.java:79) ~[spring-security-oauth2-core-5.6.2.jar:5.6.2]
at reactor.core.publisher.FluxMap$MapSubscriber.onNext(FluxMap.java:106) ~[reactor-core-3.4.15.jar:3.4.15]
Comments (5)
- changed status to open
Will consider adding an ErrorObject.parse method that skips the error_description if illegal chars are found in it.
- We ran into the exact same issue. The error messages from Azure are actually really helpful, but always contain illegal “\n\r” characters. I don’t think that Microsoft will change their error messages. Perhaps “illegal whitespace characters” could just be replaced with a blank or just omitted?
- changed status to resolved
ErrorObject.parse updated: 118f49e3
- Pushed to Maven Central as version 9.39 (2022-07-22)
- My suggestion is to contact them and explain the emitted error description is not compliant with RFC 6749, section 5.2 and causes problems with libraries.
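
The two handling options discussed in this thread (skip the description, or replace the illegal characters with a blank), written out as an added example. This is not code from the Nimbus SDK and not the 118f49e3 change; the class name, method names and the sample string are hypothetical and constructed for illustration.

```java
import java.util.Optional;

public class ErrorDescriptionCheck {

    // RFC 6749, section 5.2 limits error_description to %x20-21 / %x23-5B / %x5D-7E:
    // printable ASCII without '"' (0x22) and '\' (0x5C). CR and LF are not allowed.
    static boolean isLegalChar(char c) {
        return c >= 0x20 && c <= 0x7E && c != 0x22 && c != 0x5C;
    }

    static boolean isLegal(String description) {
        return description.chars().allMatch(c -> isLegalChar((char) c));
    }

    // Option 1: drop the description when it is not compliant, so the
    // error code (e.g. invalid_scope) still reaches the caller.
    static Optional<String> skipIfIllegal(String description) {
        return isLegal(description) ? Optional.of(description) : Optional.empty();
    }

    // Option 2: replace each run of illegal characters with one blank.
    // Removing CR/LF also keeps the text on a single line when it is logged.
    static String replaceIllegal(String description) {
        StringBuilder out = new StringBuilder();
        boolean lastWasFiller = false;
        for (char c : description.toCharArray()) {
            if (isLegalChar(c)) {
                out.append(c);
                lastWasFiller = false;
            } else if (!lastWasFiller) {
                out.append(' ');
                lastWasFiller = true;
            }
        }
        return out.toString().trim();
    }

    public static void main(String[] args) {
        // Constructed sample, not a real server response.
        String sample = "Constructed sample: the scope is not valid.\r\nTrace ID: placeholder";
        System.out.println("legal:    " + isLegal(sample));
        System.out.println("skipped:  " + skipIfIllegal(sample).isPresent());
        System.out.println("replaced: " + replaceIllegal(sample));
    }
}
```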