pzampino commented on code in PR #1074:
URL: https://github.com/apache/knox/pull/1074#discussion_r2267693691
##########
gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/JWTFederationFilter.java:
##########
@@ -264,22 +260,19 @@ public void doFilter(ServletRequest request,
ServletResponse response, FilterCha
}
}
- private boolean validateClientCredentialsFlow(HttpServletRequest request,
HttpServletResponse response, String tokenId)
- throws IOException {
- boolean validated = true;
- final String grantType = request.getParameter(GRANT_TYPE);
- if (grantType != null && !grantType.isEmpty()) {
- final String clientID = request.getParameter(CLIENT_ID);
- // if there is no client_id then this is not a client credentials flow
- if (clientID != null && !tokenId.equals(clientID)) {
- validated = false;
- log.wrongPasscodeToken(tokenId);
- handleValidationError(request, response,
- HttpServletResponse.SC_UNAUTHORIZED,
- MISMATCHING_CLIENT_ID_AND_CLIENT_SECRET);
- }
+ private void validateClientID(HttpServletRequest request, String tokenValue)
{
+ final String clientID = request.getParameter(CLIENT_ID);
+ String tokenId = null;
+ try {
+ final String[] base64DecodedTokenIdAndPasscode =
decodeBase64(tokenValue).split("::");
+ tokenId = decodeBase64(base64DecodedTokenIdAndPasscode[0]);
+ } catch (Exception e) {
+ throw new SecurityException("Error while parsing the received client
secret", e);
+ }
+ // if there is no client_id then this is not a client credentials flow
+ if (clientID != null && !tokenId.equals(clientID)) {
+ throw new SecurityException("Client ID mismatch");
Review Comment:
Could we not still use the MISMATCHING_CLIENT_ID_AND_CLIENT_SECRET message?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
