fix(jans-auth-server): check alg none to display error JARM issue310 (#…

…786)

* fix: check alg none to display error JARM issue310

check the algorithm none and display none algorithm is not allowed in FAPI

* fix: updated the alg none check condition

added proper condition to avoid comparing null object

jans-auth-server/server/src/main/java/io/jans/as/server/authorize/ws/rs/AuthorizeRestWebServiceImpl.java

@@ -406,6 +406,14 @@ private Response requestAuthorization(
                 } catch (WebApplicationException e) {
                     JsonWebResponse jwr = parseRequestToJwr(request);
                     if (jwr != null) {
+                        String checkForAlg = jwr.getClaims().getClaimAsString("alg"); // to handle Jans Issue#310
+                        if ("none".equals(checkForAlg)) {
+                            throw new WebApplicationException(Response.status(Response.Status.BAD_REQUEST)
+                                    .entity(errorResponseFactory.getErrorAsJson(
+                                            AuthorizeErrorResponseType.INVALID_REQUEST_OBJECT, "",
+                                            "The None algorithm in nested JWT is not allowed for FAPI"))
+                                    .type(MediaType.APPLICATION_JSON_TYPE).build());
+                        }                        
                         responseMode = ResponseMode.getByValue(jwr.getClaims().getClaimAsString("response_mode"));
                         if (responseMode == ResponseMode.JWT) {
                             redirectUriResponse.getRedirectUri().setResponseMode(ResponseMode.JWT);