From 127bc84adb3441fcb344697e21219d786ea4846b Mon Sep 17 00:00:00 2001
From: Sergey Beryozkin <sberyozkin@gmail.com>
Date: Tue, 21 Jun 2022 13:08:51 +0100
Subject: [PATCH] Trim OIDC claim role path

---
 .../main/java/io/quarkus/oidc/runtime/OidcUtils.java   |  2 +-
 .../java/io/quarkus/oidc/runtime/OidcUtilsTest.java    | 10 ++++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcUtils.java b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcUtils.java
index 3b4ac828688a4..7c3cf23dd2221 100644
--- a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcUtils.java
+++ b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcUtils.java
@@ -115,7 +115,7 @@ public static List<String> findRoles(String clientId, OidcTenantConfig.Roles rol
         if (rolesConfig.getRoleClaimPath().isPresent()) {
             List<String> roles = new LinkedList<>();
             for (String roleClaimPath : rolesConfig.getRoleClaimPath().get()) {
-                roles.addAll(findClaimWithRoles(rolesConfig, roleClaimPath, json));
+                roles.addAll(findClaimWithRoles(rolesConfig, roleClaimPath.trim(), json));
             }
             return roles;
         }
diff --git a/extensions/oidc/runtime/src/test/java/io/quarkus/oidc/runtime/OidcUtilsTest.java b/extensions/oidc/runtime/src/test/java/io/quarkus/oidc/runtime/OidcUtilsTest.java
index f6aba80551ad5..37cc57d5294e9 100644
--- a/extensions/oidc/runtime/src/test/java/io/quarkus/oidc/runtime/OidcUtilsTest.java
+++ b/extensions/oidc/runtime/src/test/java/io/quarkus/oidc/runtime/OidcUtilsTest.java
@@ -439,6 +439,16 @@ public void testTokenWithCustomNamespacedRoles() throws Exception {
         assertTrue(roles.contains("r4"));
     }
 
+    @Test
+    public void testTokenWithCustomNamespacedRolesWithSpaces() throws Exception {
+        OidcTenantConfig.Roles rolesCfg = OidcTenantConfig.Roles
+                .fromClaimPath(Collections.singletonList(" application_card/embedded/\"https://custom/roles\" "));
+        List<String> roles = OidcUtils.findRoles(null, rolesCfg, read(getClass().getResourceAsStream("/tokenCustomPath.json")));
+        assertEquals(2, roles.size());
+        assertTrue(roles.contains("r3"));
+        assertTrue(roles.contains("r4"));
+    }
+
     @Test
     public void testTokenWithScope() throws Exception {
         OidcTenantConfig.Roles rolesCfg = OidcTenantConfig.Roles.fromClaimPath(Collections.singletonList("scope"));