From f937259739592ebbea0d73b2b775bcd2ad0f5d20 Mon Sep 17 00:00:00 2001 From: RICHARD BIDET - E360356 Date: Wed, 24 Sep 2025 10:46:45 +0200 Subject: [PATCH 1/6] Update pom.xml 3.3.1 version --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index fd68196..82b8393 100644 --- a/pom.xml +++ b/pom.xml @@ -19,7 +19,7 @@ org.seedstack.addons.oauth oauth - 3.3.0-SNAPSHOT + 3.3.1 3.12.0 From fb7ddea6e73045dcf0e99ba1f58921428b6a5448 Mon Sep 17 00:00:00 2001 From: RICHARD BIDET - E360356 Date: Wed, 24 Sep 2025 10:47:56 +0200 Subject: [PATCH 2/6] Update OAuthAuthenticationFilter.java Dynamic redirect URL rgarding the ServletRequest --- .../internal/OAuthAuthenticationFilter.java | 127 ++++++++++-------- 1 file changed, 74 insertions(+), 53 deletions(-) diff --git a/src/main/java/org/seedstack/oauth/internal/OAuthAuthenticationFilter.java b/src/main/java/org/seedstack/oauth/internal/OAuthAuthenticationFilter.java index a309871..e7a20f8 100644 --- a/src/main/java/org/seedstack/oauth/internal/OAuthAuthenticationFilter.java +++ b/src/main/java/org/seedstack/oauth/internal/OAuthAuthenticationFilter.java 
@@ -7,18 +7,24 @@ */ package org.seedstack.oauth.internal; -import com.google.common.base.Strings; -import com.nimbusds.oauth2.sdk.AuthorizationRequest; -import com.nimbusds.oauth2.sdk.ParseException; -import com.nimbusds.oauth2.sdk.ResponseType; -import com.nimbusds.oauth2.sdk.Scope; -import com.nimbusds.oauth2.sdk.id.ClientID; -import com.nimbusds.oauth2.sdk.id.State; -import com.nimbusds.oauth2.sdk.token.AccessToken; -import com.nimbusds.oauth2.sdk.token.BearerAccessToken; -import com.nimbusds.oauth2.sdk.token.TypelessAccessToken; -import com.nimbusds.openid.connect.sdk.AuthenticationRequest; -import com.nimbusds.openid.connect.sdk.Nonce; +import static com.google.common.base.Preconditions.checkNotNull; +import static org.apache.shiro.web.util.WebUtils.issueRedirect; +import static org.seedstack.oauth.internal.OAuthUtils.OPENID_SCOPE; +import static org.seedstack.oauth.internal.OAuthUtils.createScope; + +import java.io.IOException; +import java.net.URI; +import java.net.URISyntaxException; +import java.util.List; +import java.util.Map; +import java.util.Optional; + +import javax.inject.Inject; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + import org.apache.shiro.SecurityUtils; import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.AuthenticationToken; 
@@ -35,21 +41,18 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import javax.inject.Inject; -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import java.io.IOException; -import java.net.URI; -import java.util.List; -import java.util.Map; -import java.util.Optional; - -import static com.google.common.base.Preconditions.checkNotNull; -import static org.apache.shiro.web.util.WebUtils.issueRedirect; -import static org.seedstack.oauth.internal.OAuthUtils.OPENID_SCOPE; -import static org.seedstack.oauth.internal.OAuthUtils.createScope; +import com.google.common.base.Strings; +import com.nimbusds.oauth2.sdk.AuthorizationRequest; +import com.nimbusds.oauth2.sdk.ParseException; +import com.nimbusds.oauth2.sdk.ResponseType; +import com.nimbusds.oauth2.sdk.Scope; +import com.nimbusds.oauth2.sdk.id.ClientID; +import com.nimbusds.oauth2.sdk.id.State; +import com.nimbusds.oauth2.sdk.token.AccessToken; +import com.nimbusds.oauth2.sdk.token.BearerAccessToken; +import com.nimbusds.oauth2.sdk.token.TypelessAccessToken; +import com.nimbusds.openid.connect.sdk.AuthenticationRequest; +import com.nimbusds.openid.connect.sdk.Nonce; @SecurityFilter("oauth") public class OAuthAuthenticationFilter extends AuthenticatingFilter implements SessionRegeneratingFilter { 
@@ -101,31 +104,31 @@ protected boolean onAccessDenied(ServletRequest request, ServletResponse respons loggedIn = executeLogin(request, response); } if (!loggedIn) { - if (oauthConfig.getRedirect() != null) { - redirectToAuthorizationEndpoint(request, response); - } else { - try { - ((HttpServletResponse) response).sendError( - HttpServletResponse.SC_UNAUTHORIZED, - OAuthUtils.formatUnauthorizedMessage(request, oauthConfig.isDiscloseUnauthorizedReason()) - ); - } catch (IOException e1) { - LOGGER.debug("Unable to send {} HTTP code to client", HttpServletResponse.SC_UNAUTHORIZED, e1); - } + // if (oauthConfig.getRedirect() != null) { + if (redirectToAuthorizationEndpoint(request, response)) + return loggedIn; + try { + ((HttpServletResponse) response).sendError( + HttpServletResponse.SC_UNAUTHORIZED, + OAuthUtils.formatUnauthorizedMessage(request, oauthConfig.isDiscloseUnauthorizedReason())); + } catch (IOException e1) { + LOGGER.debug("Unable to send {} HTTP code to client", HttpServletResponse.SC_UNAUTHORIZED, e1); } } return loggedIn; + } @Override protected boolean onLoginSuccess(AuthenticationToken token, Subject subject, ServletRequest request, - ServletResponse response) { + ServletResponse response) { regenerateSession(subject); return true; } + @Override protected boolean onLoginFailure(AuthenticationToken token, AuthenticationException e, - ServletRequest request, ServletResponse response) { + ServletRequest request, ServletResponse response) { if (LOGGER.isDebugEnabled()) { LOGGER.debug("Authentication exception", e); } 
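Review bot: The `sendError(SC_UNAUTHORIZED)` branch that follows `if (redirectToAuthorizationEndpoint(request, response)) return loggedIn;` is now unreachable, because the rewritten `redirectToAuthorizationEndpoint` (next hunk) always returns `true`, whereas before the 401 was the behaviour whenever no redirect was configured. The leftover `// if (oauthConfig.getRedirect() != null) {` suggests the guard was dropped rather than deliberately replaced, so non-browser clients that relied on a 401 now receive a 302 to the provider. Either restore a guard — the old `oauthConfig.getRedirect() != null` check, or an explicit opt-in setting for the dynamic redirect — or delete the dead branch together with the commented-out line, and brace the one-line `if` either way. `onAccessDenied` starts before this hunk.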
@@ -133,24 +136,41 @@ protected boolean onLoginFailure(AuthenticationToken token, AuthenticationExcept return false; } - private void redirectToAuthorizationEndpoint(ServletRequest request, ServletResponse response) throws IOException { + private boolean redirectToAuthorizationEndpoint(ServletRequest request, ServletResponse response) throws IOException { State state = new State(); Nonce nonce = new Nonce(); Scope scope = createScope(oauthConfig.getScopes()); + URI callback = createRedirectCallback(request); + URI uri; if (scope.contains(OPENID_SCOPE)) { - uri = buildAuthenticationURI(state, nonce, scope); + uri = buildAuthenticationURI(state, nonce, scope, callback); } else { - uri = buildAuthorizationURI(state, scope); + uri = buildAuthorizationURI(state, scope, callback); } saveState(state, nonce); saveRequest(request); issueRedirect(request, response, uri.toString()); + return true; + } + + private URI createRedirectCallback(ServletRequest request) { + String scheme = request.getScheme(); + String host = request.getServerName(); + int port = request.getServerPort(); + try { + URI callback = new URI(scheme + "://" + host + ":" + port + "/callback"); + oauthConfig.setRedirect(callback); + return callback; + } catch (URISyntaxException e) { + e.printStackTrace(); + } + return null; } - private URI buildAuthorizationURI(State state, Scope scope) { + private URI buildAuthorizationURI(State state, Scope scope, URI callback) { OAuthProvider oauthProvider = oAuthService.getOAuthProvider(); URI endpointURI = oauthProvider.getAuthorizationEndpoint(); Map> parameters = OAuthUtils.extractQueryParameters(endpointURI); 
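Review bot: `createRedirectCallback` builds the `redirect_uri` from `request.getScheme()`, `request.getServerName()` and `request.getServerPort()`, all of which are derived from the client's `Host` header (or whatever forwarded headers the container trusts), so the value sent to the authorization server is no longer controlled by the application's configuration. If the provider does prefix or wildcard matching on registered redirect URIs, a forged `Host` on the victim's first request makes the authorization code get delivered to the attacker's host; even with exact matching, a stray host just breaks login. Validate the derived host before building the URI, e.g. against an allow-list carried in `OAuthConfig` (`if (!allowedHosts.contains(host)) throw new IllegalStateException("Unexpected host: " + host);`), or keep the configured redirect as the authority and use the request only to fill in what it lacks. Behind a TLS-terminating proxy `getScheme()` also returns `http` unless the container honours forwarded headers, which yields an `http://` redirect URI that an `https`-registered client will never match.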
@@ -159,10 +179,11 @@ private URI buildAuthorizationURI(State state, Scope scope) { AuthorizationRequest.Builder builder = new AuthorizationRequest.Builder( new ResponseType(ResponseType.Value.CODE), new ClientID(checkNotNull(oauthConfig.getClientId(), "Missing client identifier"))) - .scope(scope) - .redirectionURI(checkNotNull(oauthConfig.getRedirect(), "Missing redirect URI")) - .endpointURI(endpointURI) - .state(state); + .scope(scope) + .redirectionURI( + checkNotNull(oauthConfig.getRedirect() != null ? oauthConfig.getRedirect() : callback, "Missing redirect URI")) + .endpointURI(endpointURI) + .state(state); for (Map.Entry> parameter : parameters.entrySet()) { builder.customParameter(parameter.getKey(), parameter.getValue().toArray(new String[0])); @@ -171,7 +192,7 @@ private URI buildAuthorizationURI(State state, Scope scope) { return builder.build().toURI(); } - private URI buildAuthenticationURI(State state, Nonce nonce, Scope scope) { + private URI buildAuthenticationURI(State state, Nonce nonce, Scope scope, URI callback) { OAuthProvider oauthProvider = oAuthService.getOAuthProvider(); URI endpointURI = oauthProvider.getAuthorizationEndpoint(); Map> parameters = OAuthUtils.extractQueryParameters(endpointURI); @@ -181,10 +202,10 @@ private URI buildAuthenticationURI(State state, Nonce nonce, Scope scope) { new ResponseType(ResponseType.Value.CODE), scope, new ClientID(checkNotNull(oauthConfig.getClientId(), "Missing client identifier")), - checkNotNull(oauthConfig.getRedirect(), "Missing redirect URI")) - .endpointURI(endpointURI) - .state(state) - .nonce(nonce); + checkNotNull(oauthConfig.getRedirect() != null ? oauthConfig.getRedirect() : callback, "Missing redirect URI")) + .endpointURI(endpointURI) + .state(state) + .nonce(nonce); for (Map.Entry> parameter : parameters.entrySet()) { builder.customParameter(parameter.getKey(), parameter.getValue().toArray(new String[0])); From 0f77d163b9cdc7f75e0e40b9bcbfc94a594cd3e3 Mon Sep 17 00:00:00 2001 
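Review bot: The selection `oauthConfig.getRedirect() != null ? oauthConfig.getRedirect() : callback` is now written out inside `checkNotNull(...)` in both `buildAuthorizationURI` and `buildAuthenticationURI`, and the next patch repeats it a third time in `OAuthCallbackFilter.createToken`; three copies of the same policy will drift. A single helper keeps the builders to one call: `private URI resolveRedirectUri(URI callback) { return oauthConfig.getRedirect() != null ? oauthConfig.getRedirect() : checkNotNull(callback, "Missing redirect URI"); }`, used as `.redirectionURI(resolveRedirectUri(callback))` in both places. `buildAuthenticationURI` continues past the end of this hunk.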
From: RICHARD BIDET - E360356 Date: Wed, 24 Sep 2025 10:48:16 +0200 Subject: [PATCH 3/6] Update OAuthCallbackFilter.java Dynamic rediect regarding ServletRequest --- .../oauth/internal/OAuthCallbackFilter.java | 76 +++++++++++++------ 1 file changed, 51 insertions(+), 25 deletions(-) diff --git a/src/main/java/org/seedstack/oauth/internal/OAuthCallbackFilter.java b/src/main/java/org/seedstack/oauth/internal/OAuthCallbackFilter.java index 96d4c76..123b1d7 100644 --- a/src/main/java/org/seedstack/oauth/internal/OAuthCallbackFilter.java +++ b/src/main/java/org/seedstack/oauth/internal/OAuthCallbackFilter.java @@ -7,9 +7,27 @@ */ package org.seedstack.oauth.internal; -import com.nimbusds.oauth2.sdk.*; -import com.nimbusds.oauth2.sdk.id.State; -import com.nimbusds.openid.connect.sdk.Nonce; +import static com.google.common.base.Preconditions.checkNotNull; +import static org.apache.shiro.web.util.WebUtils.toHttp; +import static org.seedstack.oauth.internal.OAuthUtils.buildGenericError; +import static org.seedstack.oauth.internal.OAuthUtils.createScope; +import static org.seedstack.oauth.internal.OAuthUtils.requestTokens; + +import java.io.IOException; +import java.net.URI; +import java.net.URISyntaxException; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import javax.inject.Inject; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + import org.apache.shiro.SecurityUtils; import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.AuthenticationToken; 
@@ -25,19 +43,14 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import javax.inject.Inject; -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import java.io.IOException; -import java.net.URI; -import java.net.URISyntaxException; -import java.util.*; - -import static com.google.common.base.Preconditions.checkNotNull; -import static org.apache.shiro.web.util.WebUtils.toHttp; -import static org.seedstack.oauth.internal.OAuthUtils.*; +import com.nimbusds.oauth2.sdk.AuthorizationCode; +import com.nimbusds.oauth2.sdk.AuthorizationCodeGrant; +import com.nimbusds.oauth2.sdk.AuthorizationResponse; +import com.nimbusds.oauth2.sdk.AuthorizationSuccessResponse; +import com.nimbusds.oauth2.sdk.ErrorResponse; +import com.nimbusds.oauth2.sdk.ParseException; +import com.nimbusds.oauth2.sdk.id.State; +import com.nimbusds.openid.connect.sdk.Nonce; @SecurityFilter("oauthCallback") public class OAuthCallbackFilter extends AuthenticatingFilter implements SessionRegeneratingFilter { @@ -56,10 +69,10 @@ protected AuthenticationToken createToken(ServletRequest request, ServletRespons oauthConfig, new AuthorizationCodeGrant( authorizationCode, - checkNotNull(oauthConfig.getRedirect(), "Missing redirect URI")), + checkNotNull(oauthConfig.getRedirect() != null ? oauthConfig.getRedirect() : createRedirectCallback(request), + "Missing redirect URI")), getNonce(), - createScope(oauthConfig.getScopes()) - ); + createScope(oauthConfig.getScopes())); } catch (Exception e) { return OAuthAuthenticationTokenImpl.ERRORED.apply(new AuthenticationException(e)); } 
@@ -72,8 +85,7 @@ protected boolean onAccessDenied(ServletRequest request, ServletResponse respons try { ((HttpServletResponse) response).sendError( HttpServletResponse.SC_UNAUTHORIZED, - OAuthUtils.formatUnauthorizedMessage(request, oauthConfig.isDiscloseUnauthorizedReason()) - ); + OAuthUtils.formatUnauthorizedMessage(request, oauthConfig.isDiscloseUnauthorizedReason())); } catch (IOException e1) { LOGGER.debug("Unable to send {} HTTP code to client", HttpServletResponse.SC_UNAUTHORIZED, e1); } @@ -83,14 +95,29 @@ protected boolean onAccessDenied(ServletRequest request, ServletResponse respons @Override protected boolean onLoginSuccess(AuthenticationToken token, Subject subject, ServletRequest request, - ServletResponse response) throws Exception { + ServletResponse response) throws Exception { regenerateSession(subject); issueSuccessRedirect(request, response); return false; } + private URI createRedirectCallback(ServletRequest request) { + String scheme = request.getScheme(); + String host = request.getServerName(); + int port = request.getServerPort(); + try { + URI callback = new URI(scheme + "://" + host + ":" + port + "/callback"); + oauthConfig.setRedirect(callback); + return callback; + } catch (URISyntaxException e) { + e.printStackTrace(); + } + return null; + } + + @Override protected boolean onLoginFailure(AuthenticationToken token, AuthenticationException e, - ServletRequest request, ServletResponse response) { + ServletRequest request, ServletResponse response) { if (LOGGER.isDebugEnabled()) { LOGGER.debug("Authentication exception", e); } 
@@ -118,9 +145,8 @@ private AuthorizationCode parseAuthorizationCode(HttpServletRequest request) thr throw new IllegalStateException("OAuth state mismatch"); } return ((AuthorizationSuccessResponse) authorizationResponse).getAuthorizationCode(); - } else { - throw buildGenericError((ErrorResponse) authorizationResponse); } + throw buildGenericError((ErrorResponse) authorizationResponse); } private Nonce getNonce() { From 36b0ad6dd41b15b9926c31ff0c71d77f6d62333a Mon Sep 17 00:00:00 2001 From: RICHARD BIDET - E360356 Date: Wed, 8 Oct 2025 10:53:27 +0200 Subject: [PATCH 4/6] Exclude 443 and 80 port in redirect URL --- .../seedstack/oauth/internal/OAuthAuthenticationFilter.java | 6 +++--- .../org/seedstack/oauth/internal/OAuthCallbackFilter.java | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/src/main/java/org/seedstack/oauth/internal/OAuthAuthenticationFilter.java b/src/main/java/org/seedstack/oauth/internal/OAuthAuthenticationFilter.java index e7a20f8..5f96400 100644 --- a/src/main/java/org/seedstack/oauth/internal/OAuthAuthenticationFilter.java +++ b/src/main/java/org/seedstack/oauth/internal/OAuthAuthenticationFilter.java @@ -161,13 +161,13 @@ private URI createRedirectCallback(ServletRequest request) { String host = request.getServerName(); int port = request.getServerPort(); try { - URI callback = new URI(scheme + "://" + host + ":" + port + "/callback"); + String portPart = (port == 80 || port == 443) ? "" : ":" + port; + URI callback = new URI(scheme + "://" + host + portPart + "/callback"); oauthConfig.setRedirect(callback); return callback; } catch (URISyntaxException e) { - e.printStackTrace(); + throw new IllegalStateException("Invalid redirect URI", e); } - return null; } private URI buildAuthorizationURI(State state, Scope scope, URI callback) { diff --git a/src/main/java/org/seedstack/oauth/internal/OAuthCallbackFilter.java b/src/main/java/org/seedstack/oauth/internal/OAuthCallbackFilter.java index 123b1d7..4525871 100644 
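Review bot: The new `String portPart = (port == 80 || port == 443) ? "" : ":" + port;` strips the port without consulting the scheme, so a plain-`http` request on port 443 becomes `http://host/callback` (implicitly port 80) and an `https` request on port 80 becomes `https://host/callback` (implicitly 443), both different from the URI the request actually reached. Make the check scheme-aware: `boolean defaultPort = ("http".equalsIgnoreCase(scheme) && port == 80) || ("https".equalsIgnoreCase(scheme) && port == 443);` followed by `String portPart = defaultPort ? "" : ":" + port;`. The same lines are duplicated in `OAuthCallbackFilter` in this patch and need the identical change.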
--- a/src/main/java/org/seedstack/oauth/internal/OAuthCallbackFilter.java +++ b/src/main/java/org/seedstack/oauth/internal/OAuthCallbackFilter.java @@ -106,13 +106,13 @@ private URI createRedirectCallback(ServletRequest request) { String host = request.getServerName(); int port = request.getServerPort(); try { - URI callback = new URI(scheme + "://" + host + ":" + port + "/callback"); + String portPart = (port == 80 || port == 443) ? "" : ":" + port; + URI callback = new URI(scheme + "://" + host + portPart + "/callback"); oauthConfig.setRedirect(callback); return callback; } catch (URISyntaxException e) { - e.printStackTrace(); + throw new IllegalStateException("Invalid redirect URI", e); } - return null; } @Override From 8827da5df819cc99c720ddb34ec1ff52ee5d0281 Mon Sep 17 00:00:00 2001 From: RICHARD BIDET - E360356 Date: Fri, 17 Oct 2025 13:32:48 +0200 Subject: [PATCH 5/6] Move into createRedirectCallback OAuthUtils + don't set into oauthConfig --- .../internal/OAuthAuthenticationFilter.java | 17 +----- .../oauth/internal/OAuthCallbackFilter.java | 16 +---- .../seedstack/oauth/internal/OAuthUtils.java | 59 +++++++++++++------ 3 files changed, 43 insertions(+), 49 deletions(-) diff --git a/src/main/java/org/seedstack/oauth/internal/OAuthAuthenticationFilter.java b/src/main/java/org/seedstack/oauth/internal/OAuthAuthenticationFilter.java index 5f96400..eea30f4 100644 --- a/src/main/java/org/seedstack/oauth/internal/OAuthAuthenticationFilter.java +++ b/src/main/java/org/seedstack/oauth/internal/OAuthAuthenticationFilter.java @@ -14,7 +14,6 @@ import java.io.IOException; import java.net.URI; -import java.net.URISyntaxException; import java.util.List; import java.util.Map; import java.util.Optional; 
@@ -141,7 +140,7 @@ private boolean redirectToAuthorizationEndpoint(ServletRequest request, ServletR Nonce nonce = new Nonce(); Scope scope = createScope(oauthConfig.getScopes()); - URI callback = createRedirectCallback(request); + URI callback = OAuthUtils.createRedirectCallback(request); URI uri; if (scope.contains(OPENID_SCOPE)) { @@ -156,20 +155,6 @@ private boolean redirectToAuthorizationEndpoint(ServletRequest request, ServletR return true; } - private URI createRedirectCallback(ServletRequest request) { - String scheme = request.getScheme(); - String host = request.getServerName(); - int port = request.getServerPort(); - try { - String portPart = (port == 80 || port == 443) ? "" : ":" + port; - URI callback = new URI(scheme + "://" + host + portPart + "/callback"); - oauthConfig.setRedirect(callback); - return callback; - } catch (URISyntaxException e) { - throw new IllegalStateException("Invalid redirect URI", e); - } - } - private URI buildAuthorizationURI(State state, Scope scope, URI callback) { OAuthProvider oauthProvider = oAuthService.getOAuthProvider(); URI endpointURI = oauthProvider.getAuthorizationEndpoint(); diff --git a/src/main/java/org/seedstack/oauth/internal/OAuthCallbackFilter.java b/src/main/java/org/seedstack/oauth/internal/OAuthCallbackFilter.java index 4525871..adb61dd 100644 --- a/src/main/java/org/seedstack/oauth/internal/OAuthCallbackFilter.java +++ b/src/main/java/org/seedstack/oauth/internal/OAuthCallbackFilter.java @@ -69,7 +69,7 @@ protected AuthenticationToken createToken(ServletRequest request, ServletRespons oauthConfig, new AuthorizationCodeGrant( authorizationCode, - checkNotNull(oauthConfig.getRedirect() != null ? oauthConfig.getRedirect() : createRedirectCallback(request), + checkNotNull(oauthConfig.getRedirect() != null ? oauthConfig.getRedirect() : OAuthUtils.createRedirectCallback(request), "Missing redirect URI")), getNonce(), createScope(oauthConfig.getScopes())); 
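Review bot: In `createToken` the `redirect_uri` placed into the `AuthorizationCodeGrant` is recomputed from the callback request via `OAuthUtils.createRedirectCallback(request)`, but the token endpoint requires it to be identical to the one sent in the authorization request (RFC 6749 §4.1.3), and the callback can legitimately arrive with a different `Host`, scheme or port — a proxy hop, a vhost alias, or a forged header on the first request. Since `redirectToAuthorizationEndpoint` already calls `saveState(state, nonce)` before redirecting, the dynamically built callback should be stored with the state and nonce and read back here, e.g. `saveState(state, nonce, callback)` on the authentication side and a `getRedirectUri()` counterpart next to `getNonce()` in this filter, instead of trusting the second request. That also guarantees the token endpoint only ever sees the value the authorization server validated. `createToken` starts before this hunk.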
@@ -101,20 +101,6 @@ protected boolean onLoginSuccess(AuthenticationToken token, Subject subject, Ser return false; } - private URI createRedirectCallback(ServletRequest request) { - String scheme = request.getScheme(); - String host = request.getServerName(); - int port = request.getServerPort(); - try { - String portPart = (port == 80 || port == 443) ? "" : ":" + port; - URI callback = new URI(scheme + "://" + host + portPart + "/callback"); - oauthConfig.setRedirect(callback); - return callback; - } catch (URISyntaxException e) { - throw new IllegalStateException("Invalid redirect URI", e); - } - } - @Override protected boolean onLoginFailure(AuthenticationToken token, AuthenticationException e, ServletRequest request, ServletResponse response) { diff --git a/src/main/java/org/seedstack/oauth/internal/OAuthUtils.java b/src/main/java/org/seedstack/oauth/internal/OAuthUtils.java index 4f300a1..118c3f3 100644 --- a/src/main/java/org/seedstack/oauth/internal/OAuthUtils.java +++ b/src/main/java/org/seedstack/oauth/internal/OAuthUtils.java 
@@ -7,23 +7,8 @@ */ package org.seedstack.oauth.internal; -import com.google.common.base.Strings; -import com.nimbusds.oauth2.sdk.*; -import com.nimbusds.oauth2.sdk.auth.ClientSecretBasic; -import com.nimbusds.oauth2.sdk.auth.Secret; -import com.nimbusds.oauth2.sdk.http.HTTPResponse; -import com.nimbusds.oauth2.sdk.id.ClientID; -import com.nimbusds.oauth2.sdk.token.Tokens; -import com.nimbusds.openid.connect.sdk.Nonce; -import com.nimbusds.openid.connect.sdk.OIDCTokenResponse; -import com.nimbusds.openid.connect.sdk.token.OIDCTokens; -import org.apache.shiro.authc.AuthenticationException; -import org.seedstack.oauth.OAuthConfig; -import org.seedstack.oauth.OAuthProvider; -import org.seedstack.seed.SeedException; -import org.seedstack.shed.exception.BaseException; +import static com.google.common.base.Preconditions.checkNotNull; -import javax.servlet.ServletRequest; import java.io.IOException; import java.io.UnsupportedEncodingException; import java.net.URI; 
@@ -34,7 +19,31 @@ import java.util.List; import java.util.Map; -import static com.google.common.base.Preconditions.checkNotNull; +import javax.servlet.ServletRequest; + +import org.apache.shiro.authc.AuthenticationException; +import org.seedstack.oauth.OAuthConfig; +import org.seedstack.oauth.OAuthProvider; +import org.seedstack.seed.SeedException; +import org.seedstack.shed.exception.BaseException; + +import com.google.common.base.Strings; +import com.nimbusds.oauth2.sdk.AccessTokenResponse; +import com.nimbusds.oauth2.sdk.AuthorizationGrant; +import com.nimbusds.oauth2.sdk.ErrorObject; +import com.nimbusds.oauth2.sdk.ErrorResponse; +import com.nimbusds.oauth2.sdk.ParseException; +import com.nimbusds.oauth2.sdk.Scope; +import com.nimbusds.oauth2.sdk.TokenRequest; +import com.nimbusds.oauth2.sdk.TokenResponse; +import com.nimbusds.oauth2.sdk.auth.ClientSecretBasic; +import com.nimbusds.oauth2.sdk.auth.Secret; +import com.nimbusds.oauth2.sdk.http.HTTPResponse; +import com.nimbusds.oauth2.sdk.id.ClientID; +import com.nimbusds.oauth2.sdk.token.Tokens; +import com.nimbusds.openid.connect.sdk.Nonce; +import com.nimbusds.openid.connect.sdk.OIDCTokenResponse; +import com.nimbusds.openid.connect.sdk.token.OIDCTokens; final class OAuthUtils { public static final String OPENID_SCOPE = "openid"; @@ -85,7 +94,7 @@ static Map> extractQueryParameters(URI uri) { } static OAuthAuthenticationTokenImpl requestTokens(OAuthProvider oauthProvider, OAuthConfig oauthConfig, - AuthorizationGrant authorizationGrant, Nonce nonce, Scope scope) { + AuthorizationGrant authorizationGrant, Nonce nonce, Scope scope) { URI endpointURI = oauthProvider.getTokenEndpoint(); Map> parameters = OAuthUtils.extractQueryParameters(endpointURI); endpointURI = OAuthUtils.stripQueryString(endpointURI); 
@@ -161,4 +170,18 @@ static String formatUnauthorizedMessage(ServletRequest request, boolean includeD } return msg; } + + static URI createRedirectCallback(ServletRequest request) { + String scheme = request.getScheme(); + String host = request.getServerName(); + int port = request.getServerPort(); + try { + String portPart = (port == 80 || port == 443) ? "" : ":" + port; + URI callback = new URI(scheme + "://" + host + portPart + "/callback"); + // oauthConfig.setRedirect(callback); + return callback; + } catch (URISyntaxException e) { + throw new IllegalStateException("Invalid redirect URI", e); + } + } } From 7733b0e9afbf43dc0e0bf950be83d0c2de872e8a Mon Sep 17 00:00:00 2001 From: RICHARD BIDET - E360356 Date: Sun, 2 Nov 2025 10:46:25 +0100 Subject: [PATCH 6/6] Update OAuthUtils.java --- src/main/java/org/seedstack/oauth/internal/OAuthUtils.java | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/src/main/java/org/seedstack/oauth/internal/OAuthUtils.java b/src/main/java/org/seedstack/oauth/internal/OAuthUtils.java index 118c3f3..9e9f39c 100644 --- a/src/main/java/org/seedstack/oauth/internal/OAuthUtils.java +++ b/src/main/java/org/seedstack/oauth/internal/OAuthUtils.java @@ -177,9 +177,7 @@ static URI createRedirectCallback(ServletRequest request) { int port = request.getServerPort(); try { String portPart = (port == 80 || port == 443) ? "" : ":" + port; - URI callback = new URI(scheme + "://" + host + portPart + "/callback"); - // oauthConfig.setRedirect(callback); - return callback; + return new URI(scheme + "://" + host + portPart + "/callback"); } catch (URISyntaxException e) { throw new IllegalStateException("Invalid redirect URI", e); }