1. connect2id Avatar connect2id
  2. OAuth
  3. OAuth 2.0 SDK with OpenID Connect extensions
  4. Issues

AuthorizationResponse.parse(HTTPRequest,JARMValidator) parses redirect_uri incorrectly

Issue #477 resolved
Yavor Vasilev created an issue 
java.lang.AssertionError: expected:<https://client.com/in> but was:<https://client.com/in?response=eyJraWQiOiJzMSIsImFsZyI6IlJTMjU2In0.eyJpc3MiOiJodHRwczovL2MyaWQuY29tIiwiYXVkIjoieGVmbGlld25idXFjZSIsImNvZGUiOiJMMWN3WXpqUHNwSXBTXzFwcnFzd1lnLk5UU3NjckVJaEVqTTlXck85TmlQLXciLCJzdGF0ZSI6Im8wbjl6WnhkNEh0c2NveTBKM2Y1bkVsdlVjRFhWRlRya05zQ1FNS1VrcVkiLCJleHAiOjE3MjM2NjU2NDZ9.F7KRh2NFUjrP69BhBIfzUoTkbJXRBMGcuqHgC8Kt41QOJD_BdrcqVrS6djyUCuvyD3-IQg_3BUpPy1PERyap5B1kw1M35Wst-6POE37sgEiQn0hV2mMvkx1lJ4bGsj7foLEZvMfQfiNmkM_QNsPj0vH4EKZFZjKN-gEEz4gWZPSsTUGLey9_6i-7lPQ525c_NvQB7d4xojro9dHwPsJUdoc_qyJ3g2KpP9rw2UfRlEnwGbyrf93W6krtEINW91H5ixzt7CSbw0M5LNasZ-0BAK2NBqbOuossNh7N_fEwMeKhOKILw8OPyX1S4R0i1Sdkmcjkqpq_D1IRH2Os3_vh3A>
Expected :https://client.com/in
Actual   :https://client.com/in?response=eyJraWQiOiJzMSIsImFsZyI6IlJTMjU2In0.eyJpc3MiOiJodHRwczovL2MyaWQuY29tIiwiYXVkIjoieGVmbGlld25idXFjZSIsImNvZGUiOiJMMWN3WXpqUHNwSXBTXzFwcnFzd1lnLk5UU3NjckVJaEVqTTlXck85TmlQLXciLCJzdGF0ZSI6Im8wbjl6WnhkNEh0c2NveTBKM2Y1bkVsdlV ...

Comments (2)

  1. Yavor Vasilev reporter

    Test:

    var successResponse = AuthorizationResponse.parse(
            httpPOST,
            new JARMValidator(
                singleTenantCtx.getIssuer(),
                clientInfo.getID(),
                JWSAlgorithm.RS256,
                CachingJWKSetLoader.loadForOP(singleTenantCtx)
            )
        ).toSuccessResponse();

        assertEquals(clientInfo.getOIDCMetadata().getRedirectionURI(), successResponse.getRedirectionURI());
        assertNotNull(successResponse.getAuthorizationCode());
        assertEquals(authzRequest.getState(), successResponse.getState());
        assertNull(successResponse.getAccessToken());

  3. Log in to comment
Assignee
Type
bug
Priority
major
Status
resolved
Milestone
Votes
0
Watchers
1
Jira: the preferred issue tracker for Bitbucket. Join the team!