nscendoni commented on code in PR #15:
URL: 
https://github.com/apache/sling-org-apache-sling-auth-oauth-client/pull/15#discussion_r2108527000


##########
src/main/java/org/apache/sling/auth/oauth_client/impl/OidcAuthenticationHandler.java:
##########
@@ -187,32 +198,40 @@ public AuthenticationInfo extractCredentials(@NotNull 
HttpServletRequest request
             return authInfo;
         }
 
-        //The request is not authenticated. 
-        // 1. Check if the State cookie match with the state in the request 
received from the idp
+        //The request is not authenticated.
+        // 1. Extract nonce cookie and state cookie from the request
         StringBuffer requestURL = request.getRequestURL();
         if ( request.getQueryString() != null )
             requestURL.append('?').append(request.getQueryString());
 
         Optional<OAuthState> clientState; //state returned by the idp in the 
redirect request
         String authCode; //authorization code returned by the idp in the 
redirect request
         Cookie stateCookie;
+        Cookie nonceCookie;
+        Cookie codeVerifierCookie = null;
+        AuthorizationResponse authResponse;
         try {
-            AuthorizationResponse authResponse = 
AuthorizationResponse.parse(new URI(requestURL.toString()));
+            authResponse = AuthorizationResponse.parse(new 
URI(requestURL.toString()));
             clientState = extractClientState(authResponse);
-            authCode = extractAuthCode(authResponse);
-            stateCookie = extractStateCookie(request);
-        } catch (ParseException | URISyntaxException e) {
-            logger.debug("Failed to parse authorization response");
+        } catch (ParseException | URISyntaxException | IllegalStateException 
e) {
+            // If we fail parsing the response, we consider the request not 
for this authentication handler
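
Review bot: in the widened catch (`ParseException | URISyntaxException | IllegalStateException`), the visible part of the body no longer has the `logger.debug("Failed to parse authorization response")` call, so a malformed callback and an `IllegalStateException` from `extractClientState` are both dropped without a trace. Consider keeping a debug-level log that records the exception type but not `requestURL`, since the query string appended to it carries the authorization code and state. `IllegalStateException` is also broad for a multi-catch: if only one call is expected to throw it, catch it around that call so that unrelated state errors are not treated as "request not for this authentication handler". A smaller point: `codeVerifierCookie` is initialised to `null` while `stateCookie` and `nonceCookie` are not, and the step comment names only the nonce and state cookies; a short comment on why the code verifier cookie is optional would help.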

Review Comment:
   With this code, ParseException is thrown when there are requests without 
parameters in the request. It was generating some noise.
   I modified it to not execute this code if there are no parameters in the 
request, and I restored the log.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
