Merge pull request quarkusio#26256 from sberyozkin/trim_oidc_role_path

Trim OIDC claim role path
gsmet · Jun 21, 2022 · fd26ffc · fd26ffc
2 parents 5aac1c4 + 127bc84
commit fd26ffc
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 1 deletion.
diff --git a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcUtils.java b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcUtils.java
@@ -115,7 +115,7 @@ public static List<String> findRoles(String clientId, OidcTenantConfig.Roles rol
         if (rolesConfig.getRoleClaimPath().isPresent()) {
             List<String> roles = new LinkedList<>();
             for (String roleClaimPath : rolesConfig.getRoleClaimPath().get()) {
-                roles.addAll(findClaimWithRoles(rolesConfig, roleClaimPath, json));
+                roles.addAll(findClaimWithRoles(rolesConfig, roleClaimPath.trim(), json));
             }
             return roles;
         }

diff --git a/extensions/oidc/runtime/src/test/java/io/quarkus/oidc/runtime/OidcUtilsTest.java b/extensions/oidc/runtime/src/test/java/io/quarkus/oidc/runtime/OidcUtilsTest.java
@@ -439,6 +439,16 @@ public void testTokenWithCustomNamespacedRoles() throws Exception {
         assertTrue(roles.contains("r4"));
     }
 
+    @Test
+    public void testTokenWithCustomNamespacedRolesWithSpaces() throws Exception {
+        OidcTenantConfig.Roles rolesCfg = OidcTenantConfig.Roles
+                .fromClaimPath(Collections.singletonList(" application_card/embedded/\"https://custom/roles\" "));
+        List<String> roles = OidcUtils.findRoles(null, rolesCfg, read(getClass().getResourceAsStream("/tokenCustomPath.json")));
+        assertEquals(2, roles.size());
+        assertTrue(roles.contains("r3"));
+        assertTrue(roles.contains("r4"));
+    }
+
     @Test
     public void testTokenWithScope() throws Exception {
         OidcTenantConfig.Roles rolesCfg = OidcTenantConfig.Roles.fromClaimPath(Collections.singletonList("scope"));