From db889973a80c2d474ab26d25ee7f9ec8beafc754 Mon Sep 17 00:00:00 2001
From: Rob Winch
Date: Fri, 18 May 2018 11:21:45 -0500
Subject: [PATCH] OidcConfigurationProvider improve invalid issuer error
Issue: gh-5355
---
 .../oauth2/client/oidc/OidcConfigurationProvider.java | 11 +++++++++--
 .../client/oidc/OidcConfigurationProviderTests.java | 6 ++++++
 2 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/config/src/main/java/org/springframework/security/config/oauth2/client/oidc/OidcConfigurationProvider.java b/config/src/main/java/org/springframework/security/config/oauth2/client/oidc/OidcConfigurationProvider.java
index 98e9793814..203c4d6c18 100644
--- a/config/src/main/java/org/springframework/security/config/oauth2/client/oidc/OidcConfigurationProvider.java
+++ b/config/src/main/java/org/springframework/security/config/oauth2/client/oidc/OidcConfigurationProvider.java
@@ -68,8 +68,7 @@ public final class OidcConfigurationProvider {
  * @return a {@link ClientRegistration.Builder} that was initialized by the OpenID Provider Configuration.
  */
  public static ClientRegistration.Builder issuer(String issuer) {
- RestTemplate rest = new RestTemplate();
- String openidConfiguration = rest.getForObject(issuer + "/.well-known/openid-configuration", String.class);
+ String openidConfiguration = getOpenidConfiguration(issuer);
  OIDCProviderMetadata metadata = parse(openidConfiguration);
  String name = URI.create(issuer).getHost();
  ClientAuthenticationMethod method = getClientAuthenticationMethod(issuer, metadata.getTokenEndpointAuthMethods());
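Review bot: The Javadoc on `issuer(String)` in this hunk still ends at `@return`, although the method now fails with `IllegalArgumentException` (raised by `getOpenidConfiguration`) whenever the discovery document cannot be fetched, and callers have no way to learn that from the contract. Add ` * @throws IllegalArgumentException if the OpenID Provider Configuration cannot be resolved from the issuer` above the signature so callers know which exception to handle. The body of `issuer` continues past the end of the hunk.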
@@ -92,6 +91,14 @@ public final class OidcConfigurationProvider {
  .clientName(issuer);
  }
+ private static String getOpenidConfiguration(String issuer) {
+ RestTemplate rest = new RestTemplate();
+ try {
+ return rest.getForObject(issuer + "/.well-known/openid-configuration", String.class);
+ } catch(RuntimeException e) {
+ throw new IllegalArgumentException("Unable to resolve the OpenID Configuration with the provided Issuer of \"" + issuer + "\"", e);
+ }
+ }
  private static ClientAuthenticationMethod getClientAuthenticationMethod(String issuer, List metadataAuthMethods) {
  if (metadataAuthMethods == null || metadataAuthMethods.contains(com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod.CLIENT_SECRET_BASIC)) {
diff --git a/config/src/test/java/org/springframework/security/config/oauth2/client/oidc/OidcConfigurationProviderTests.java b/config/src/test/java/org/springframework/security/config/oauth2/client/oidc/OidcConfigurationProviderTests.java
index fc0fe965f3..28947090bc 100644
--- a/config/src/test/java/org/springframework/security/config/oauth2/client/oidc/OidcConfigurationProviderTests.java
+++ b/config/src/test/java/org/springframework/security/config/oauth2/client/oidc/OidcConfigurationProviderTests.java
@@ -202,6 +202,12 @@ public class OidcConfigurationProviderTests {
  .hasMessageContaining("Only ClientAuthenticationMethod.BASIC and ClientAuthenticationMethod.POST are supported. The issuer \"" + this.issuer + "\" returned a configuration of [tls_client_auth]");
  }
+ @Test
+ public void issuerWhenEmptyStringThenMeaningfulErrorMessage() {
+ assertThatThrownBy(() -> OidcConfigurationProvider.issuer(""))
+ .hasMessageContaining("Unable to resolve the OpenID Configuration with the provided Issuer of \"\"");
+ }
+
  private ClientRegistration registration(String path) throws Exception {
  String body = this.mapper.writeValueAsString(this.response);
  MockResponse mockResponse = new MockResponse()
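Review bot: `getOpenidConfiguration` issues the HTTP request before anything checks that `issuer` is a usable URL, so an empty or relative issuer (the case the new test exercises) only fails once `RestTemplate` rejects it, and the `catch (RuntimeException e)` then relabels whatever the client threw — including a connection failure or a 404 from a perfectly valid issuer — as an `IllegalArgumentException` about the supplied argument. Validating up front inside the `try` keeps the new message for bad input while avoiding an outbound request for it: `URI uri = URI.create(issuer);` followed by `if (!uri.isAbsolute()) { throw new IllegalArgumentException("Issuer must be an absolute URI"); }` is caught by the same handler, so the existing assertion still holds and the cause records why. The concatenation `issuer + "/.well-known/openid-configuration"` also produces a `//` path for an issuer ending in `/`, which is worth stripping before the request. Minor style: `catch(RuntimeException e)` should read `catch (RuntimeException e)` to match the `if (` spacing in the file, and a one-line Javadoc noting that any failure is wrapped in `IllegalArgumentException` with the original exception as its cause would make the contract explicit.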
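Review bot: The new test `issuerWhenEmptyStringThenMeaningfulErrorMessage` pins only the message text, not the exception type the commit introduces, so it would still pass if some other `RuntimeException` carrying that text escaped `issuer("")`. Insert `.isInstanceOf(IllegalArgumentException.class)` before `.hasMessageContaining(...)` so the test fails if the wrapping in `getOpenidConfiguration` is later removed; adding `.hasCauseInstanceOf(RuntimeException.class)` would additionally document that the original error is retained rather than dropped.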