- changed status to open
Can't parse Azure OIDC Metadata: Unencoded { and } chars in URI
Issue #460
open
By migrating from pac4hj-oauth 5.7 to 6.0.1 (use oauth2-oidcs-sdk 11.9.1), I get the following error when calling Azure OIDC Service, actually new URI() doesn't like characters such as “{ }”
Caused by: com.nimbusds.oauth2.sdk.ParseException: Illegal character in path at index 34: https://login.microsoftonline.com/{tenantid}/v2.0
at com.nimbusds.oauth2.sdk.util.JSONObjectUtils.getURI(JSONObjectUtils.java:533)
at com.nimbusds.oauth2.sdk.as.AuthorizationServerMetadata.parse(AuthorizationServerMetadata.java:1781)
at com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata.parse(OIDCProviderMetadata.java:1302)
at com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata.parse(OIDCProviderMetadata.java:1698)
at org.pac4j.oidc.metadata.OidcOpMetadataResolver.retrieveMetadata(OidcOpMetadataResolver.java:98)
... 99 more
Caused by: java.net.URISyntaxException: Illegal character in path at index 34: https://login.microsoftonline.com/{tenantid}/v2.0
at java.base/java.net.URI$Parser.fail(URI.java:2976) at java.base/java.net.URI$Parser.checkChars(URI.java:3147)
at java.base/java.net.URI$Parser.parseHierarchical(URI.java:3229) at java.base/java.net.URI$Parser.parse(URI.java:3177)
at java.base/java.net.URI.<init>(URI.java:623)
at com.nimbusds.oauth2.sdk.util.JSONObjectUtils.getURI(JSONObjectUtils.java:529)
Comments (3)
-
-
- changed title to Can't parse Azure OIDC Metadata: Unencoded { and } chars in URI
Edits title
-
reporter yes parameter “issuer”, line 1781 of the AuthorizationServerMetadata class
Issuer issuer = new Issuer(JSONObjectUtils.getURI(jsonObject, "issuer").toString());
- Log in to comment
Java URI implements the URI standard in RFC 2396, which requires
{
and}
to be escaped.https://www.rfc-editor.org/rfc/rfc2396#section-2.4.3
https://docs.oracle.com/javase/8/docs/api/java/net/URI.html
Test to capture this: 2884f471c0714ada198852992de357590e6c0a47
To work around this you may try fixing the encoding in the HTTP response before passing it to the parser. Do you know which metadata parameter gets this URI value?