Skip to content

Commit

Permalink
Support OIDC signed UserInfo with charset content type parameters
Browse files Browse the repository at this point in the history
  • Loading branch information
sberyozkin committed Sep 2, 2024
1 parent 152f093 commit 4c038e9
Show file tree
Hide file tree
Showing 3 changed files with 29 additions and 2 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -415,7 +415,7 @@ public Uni<UserInfo> getUserInfo(String accessToken) {

@Override
public Uni<UserInfo> apply(UserInfoResponse response) {
if (APPLICATION_JWT_CONTENT_TYPE.equals(response.contentType())) {
if (isApplicationJwtContentType(response.contentType())) {
if (oidcConfig.jwks.resolveEarly) {
try {
LOG.debugf("Verifying the signed UserInfo with the local JWK keys: %s", response.data());
Expand Down Expand Up @@ -446,6 +446,21 @@ public Uni<UserInfo> apply(UserInfoResponse response) {
});
}

static boolean isApplicationJwtContentType(String ct) {
if (ct == null) {
return false;
}
ct = ct.trim();
if (!ct.startsWith(APPLICATION_JWT_CONTENT_TYPE)) {
return false;
}
if (ct.length() == APPLICATION_JWT_CONTENT_TYPE.length()) {
return true;
}
String remainder = ct.substring(APPLICATION_JWT_CONTENT_TYPE.length()).trim();
return remainder.indexOf(';') == 0;
}

public Uni<AuthorizationCodeTokens> getCodeFlowTokens(String code, String redirectUri, String codeVerifier) {
return client.getAuthorizationCodeTokens(code, redirectUri, codeVerifier);
}
Expand Down
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
package io.quarkus.oidc.runtime;

import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertNull;
import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.junit.jupiter.api.Assertions.fail;
Expand Down Expand Up @@ -310,4 +311,15 @@ public String validate(JwtContext jwtContext) throws MalformedClaimException {
}
}
}

@Test
public void testJwtContentTypeCheck() {
assertTrue(OidcProvider.isApplicationJwtContentType("application/jwt"));
assertTrue(OidcProvider.isApplicationJwtContentType(" application/jwt "));
assertTrue(OidcProvider.isApplicationJwtContentType("application/jwt;charset=UTF-8"));
assertTrue(OidcProvider.isApplicationJwtContentType(" application/jwt ; charset=UTF-8"));
assertFalse(OidcProvider.isApplicationJwtContentType(" application/jwt-custom"));
assertFalse(OidcProvider.isApplicationJwtContentType(" application/json"));
assertFalse(OidcProvider.isApplicationJwtContentType(null));
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -617,7 +617,7 @@ private void defineCodeFlowUserInfoCachedInIdTokenStub() {
get(urlEqualTo("/auth/realms/quarkus/protocol/openid-connect/signeduserinfo"))
.withHeader("Authorization", containing("Bearer ey"))
.willReturn(aResponse()
.withHeader("Content-Type", "application/jwt")
.withHeader("Content-Type", " application/jwt ; charset=UTF-8")
.withBody(
Jwt.preferredUserName("alice")
.issuer("https://server.example.com")
Expand Down

0 comments on commit 4c038e9

Please sign in to comment.