Merge pull request #18701 from spring-projects/dependabot/gradle/main/com.nimbusds-oauth2-oidc-sdk-11.33

Bump com.nimbusds:oauth2-oidc-sdk from 11.26.1 to 11.33
1 month ago · f91b5f33fc
3 changed files with 13 additions and 5 deletions
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@ -20,8 +20,8 @@ ch-qos-logback-logback-classic = "ch.qos.logback:logback-classic:1.5.28"
				@@ -20,8 +20,8 @@ ch-qos-logback-logback-classic = "ch.qos.logback:logback-classic:1.5.28"
 com-fasterxml-jackson-jackson-bom = "com.fasterxml.jackson:jackson-bom:2.21.0"
 com-google-inject-guice = "com.google.inject:guice:3.0"
 com-netflix-nebula-nebula-project-plugin = "com.netflix.nebula:nebula-project-plugin:8.2.0"
-com-nimbusds-nimbus-jose-jwt = "com.nimbusds:nimbus-jose-jwt:10.4"
-com-nimbusds-oauth2-oidc-sdk = "com.nimbusds:oauth2-oidc-sdk:11.26.1"
+com-nimbusds-nimbus-jose-jwt = "com.nimbusds:nimbus-jose-jwt:10.6"
+com-nimbusds-oauth2-oidc-sdk = "com.nimbusds:oauth2-oidc-sdk:11.33"
 com-squareup-okhttp3-mockwebserver = { module = "com.squareup.okhttp3:mockwebserver", version.ref = "com-squareup-okhttp3" }
 com-squareup-okhttp3-okhttp = { module = "com.squareup.okhttp3:okhttp", version.ref = "com-squareup-okhttp3" }
 com-unboundid-unboundid-ldapsdk = "com.unboundid:unboundid-ldapsdk:7.0.4"
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistrations.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistrations.java
@ -105,7 +105,7 @@ public final class ClientRegistrations {
				@@ -105,7 +105,7 @@ public final class ClientRegistrations {
 	 * @return the {@link ClientRegistration} built from the configuration
 	 */
 	public static ClientRegistration.Builder fromOidcConfiguration(Map<String, Object> configuration) {
-		OIDCProviderMetadata metadata = parse(configuration, OIDCProviderMetadata::parse);
+		OIDCProviderMetadata metadata = parseInput(configuration, OIDCProviderMetadata::parse);
 		ClientRegistration.Builder builder = withProviderConfiguration(metadata, metadata.getIssuer().getValue());
 		builder.jwkSetUri(metadata.getJWKSetURI().toASCIIString());
 		if (metadata.getUserInfoEndpointURI() != null) {
@ -292,6 +292,15 @@ public final class ClientRegistrations {
				@@ -292,6 +292,15 @@ public final class ClientRegistrations {
 		throw new IllegalArgumentException(errorMessage);
 	}

+	private static <T> T parseInput(Map<String, Object> body, ThrowingFunction<JSONObject, T, ParseException> parser) {
+		try {
+			return parse(body, parser);
+		}
+		catch (RuntimeException ex) {
+			throw new IllegalArgumentException(ex);
+		}
+	}
+
 	private static <T> T parse(Map<String, Object> body, ThrowingFunction<JSONObject, T, ParseException> parser) {
 		try {
 			return parser.apply(new JSONObject(body));
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationsTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationsTests.java
@ -40,7 +40,6 @@ import static org.assertj.core.api.Assertions.assertThat;
				@@ -40,7 +40,6 @@ import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.assertj.core.api.Assertions.assertThatIllegalStateException;
-import static org.assertj.core.api.Assertions.assertThatNullPointerException;

 /**
 * @author Rob Winch
@ -475,7 +474,7 @@ public class ClientRegistrationsTests {
				@@ -475,7 +474,7 @@ public class ClientRegistrationsTests {
 	@Test
 	public void issuerWhenOidcConfigurationResponseMissingJwksUriThenThrowsIllegalArgumentException() throws Exception {
 		this.response.remove("jwks_uri");
-		assertThatNullPointerException().isThrownBy(() -> registration(this.response).build());
+		assertThatIllegalArgumentException().isThrownBy(() -> registration(this.response).build());
 	}

 	@Test