This is an automated email from the ASF dual-hosted git repository. btellier pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/james-project.git
commit c6bd40ff0bc26dd95808aeafc12530cf4fffcc0f Author: Felix Auringer <[email protected]> AuthorDate: Mon Nov 17 11:04:36 2025 +0100 fix(oidc): wrong format of gs2-header --- .../main/java/org/apache/james/protocols/api/OIDCSASLParser.java | 5 +++++ .../test/java/org/apache/james/protocols/api/OIDCSASLHelper.java | 8 ++++---- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/protocols/api/src/main/java/org/apache/james/protocols/api/OIDCSASLParser.java b/protocols/api/src/main/java/org/apache/james/protocols/api/OIDCSASLParser.java index 72df061214..1623998c95 100644 --- a/protocols/api/src/main/java/org/apache/james/protocols/api/OIDCSASLParser.java +++ b/protocols/api/src/main/java/org/apache/james/protocols/api/OIDCSASLParser.java @@ -61,6 +61,7 @@ public class OIDCSASLParser { Optional<String> decodeResult = decodeBase64(initialResponse); if (decodeResult.isPresent()) { + // See the format of the gs2-header in https://www.rfc-editor.org/rfc/rfc5801#section-4. String decodeValueWithoutDanglingPart = decodeResult.filter(value -> value.startsWith("n,")) .map(value -> value.substring(2)) .orElse(decodeResult.get()); @@ -81,6 +82,10 @@ public class OIDCSASLParser { userPartCounter++; } else if (stringToken.startsWith(OAUTHBEARER_USER_PART_PREFIX)) { userPart = stringToken.substring(OAUTHBEARER_USER_PART_INDEX); + // See the format of the gs2-header in https://www.rfc-editor.org/rfc/rfc5801#section-4. + if (userPart.endsWith(",")) { + userPart = userPart.substring(0, userPart.length() - 1); + } userPartCounter++; } } diff --git a/protocols/api/src/test/java/org/apache/james/protocols/api/OIDCSASLHelper.java b/protocols/api/src/test/java/org/apache/james/protocols/api/OIDCSASLHelper.java index b806a40acb..8440a51de0 100644 --- a/protocols/api/src/test/java/org/apache/james/protocols/api/OIDCSASLHelper.java +++ b/protocols/api/src/test/java/org/apache/james/protocols/api/OIDCSASLHelper.java @@ -25,7 +25,7 @@ import java.util.Base64; import com.google.common.collect.ImmutableList; public class OIDCSASLHelper { - // See the XOAUTH2 specification athttps://developers.google.com/workspace/gmail/imap/xoauth2-protocol + // See the XOAUTH2 specification at https://developers.google.com/workspace/gmail/imap/xoauth2-protocol // for details. public static String generateEncodedXOauth2InitialClientResponse(String username, String token) { return Base64.getEncoder().encodeToString(String.join("" + OIDCSASLParser.SASL_SEPARATOR, @@ -33,11 +33,11 @@ public class OIDCSASLHelper { .getBytes(StandardCharsets.US_ASCII)); } - // See the OAUTHBEARER specification at https://datatracker.ietf.org/doc/html/rfc5801#section-4 - // for details. + // See the OAUTHBEARER specification at https://www.rfc-editor.org/rfc/rfc7628.html#section-3.1 + // and the GSS-API specification at https://www.rfc-editor.org/rfc/rfc5801#section-4 for details. public static String generateEncodedOauthbearerInitialClientResponse(String username, String token) { return Base64.getEncoder().encodeToString(String.join("" + OIDCSASLParser.SASL_SEPARATOR, - ImmutableList.of("n,a=" + username, "auth=Bearer " + token, "", "")) + ImmutableList.of("n,a=" + username + ",", "auth=Bearer " + token, "", "")) .getBytes(StandardCharsets.US_ASCII)); } } --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
