
fix(oxauth): introspection endpoint returns error for valid basic client authentication and invalid token #1916 (#1917)
yuriyz authored Aug 2, 2024
1 parent 7c6d57c commit 0e7662e
Showing 1 changed file with 8 additions and 16 deletions.
Expand Up @@ -11,12 +11,7 @@
import org.apache.commons.lang.StringUtils;
import org.gluu.oxauth.claims.Audience;
import org.gluu.oxauth.model.authorize.AuthorizeErrorResponseType;
import org.gluu.oxauth.model.common.AbstractToken;
import org.gluu.oxauth.model.common.AccessToken;
import org.gluu.oxauth.model.common.AuthorizationGrant;
import org.gluu.oxauth.model.common.AuthorizationGrantList;
import org.gluu.oxauth.model.common.IntrospectionResponse;
import org.gluu.oxauth.model.common.TokenType;
import org.gluu.oxauth.model.common.*;
import org.gluu.oxauth.model.config.WebKeysConfiguration;
import org.gluu.oxauth.model.configuration.AppConfiguration;
import org.gluu.oxauth.model.error.ErrorResponseFactory;
Expand All @@ -38,14 +33,7 @@
import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
import javax.ws.rs.HeaderParam;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.*;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
Expand Down Expand Up @@ -108,7 +96,7 @@ public Response introspectPost(@HeaderParam("Authorization") String p_authorizat
return introspect(p_authorization, p_token, tokenTypeHint, responseAsJwt, httpRequest, httpResponse);
}

private AuthorizationGrant validateAuthorization(String p_authorization, String p_token) throws UnsupportedEncodingException {
private AuthorizationGrant validateAuthorization(String p_authorization, String p_token) throws IOException {
final boolean skipAuthorization = ServerUtil.isTrue(appConfiguration.getIntrospectionSkipAuthorization());
log.trace("skipAuthorization: {}", skipAuthorization);
if (skipAuthorization) {
Expand All @@ -123,7 +111,11 @@ private AuthorizationGrant validateAuthorization(String p_authorization, String
final Pair<AuthorizationGrant, Boolean> pair = getAuthorizationGrant(p_authorization, p_token);
final AuthorizationGrant authorizationGrant = pair.getFirst();
if (authorizationGrant == null) {
log.error("Authorization grant is null.");
log.debug("Authorization grant is null.");
if (isTrue(pair.getSecond())) {
final IntrospectionResponse response = new IntrospectionResponse(false);
throw new WebApplicationException(Response.status(Response.Status.OK).entity(ServerUtil.asJson(response)).type(MediaType.APPLICATION_JSON_TYPE).build());
}
throw new WebApplicationException(Response.status(Response.Status.UNAUTHORIZED).type(MediaType.APPLICATION_JSON_TYPE).entity(errorResponseFactory.errorAsJson(AuthorizeErrorResponseType.ACCESS_DENIED, "Authorization grant is null.")).build());
}

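Review bot: The new `if (isTrue(pair.getSecond()))` branch in validateAuthorization has no comment saying why a null grant is answered with HTTP 200 here but 401 two lines below, and what the Pair's Boolean means is not visible in the hunk; assuming it signals that client authentication succeeded, a one-line comment above the branch would make the contract explicit: `// Client authenticated but the token is not a known grant: RFC 7662 §2.2 calls for 200 with active=false, not 401`. The same method calls `ServerUtil.isTrue(...)` at the top of the previous hunk and bare `isTrue(...)` here; if the latter resolves through a static import, using one form throughout the method would read more consistently. The first two hunks replace fourteen explicit imports with `org.gluu.oxauth.model.common.*` and `javax.ws.rs.*`; wildcard imports hide which types the class depends on and can silently change name resolution if a same-named type is later added to either package, so keeping the explicit list (plus the `IntrospectionResponse` this change now uses) is preferable. The signature change to `throws IOException` widens the checked exception that the caller `introspect`, which lies outside the hunk, has to handle, presumably because `ServerUtil.asJson` declares it. validateAuthorization begins before and continues past this hunk.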
