Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

4.x - Incorrect token used for nonce validation #8386

Closed
Verdent opened this issue Feb 15, 2024 · 0 comments · Fixed by #8387
Closed

4.x - Incorrect token used for nonce validation #8386

Verdent opened this issue Feb 15, 2024 · 0 comments · Fixed by #8387
Assignees
@Verdent
Labels
4.x Version 4.x bug Something isn't working P1 security
Milestone
4.0.6

Comments

@Verdent
Copy link
Member

Verdent commented Feb 15, 2024

Environment Details

  • Helidon Version: 4.0.5
  • Helidon SE or Helidon MP: both
  • JDK version:
  • OS:
  • Docker version (if applicable):

OidcFeature checks incorrect token for nonce presence.

Failed to read JSON from response
java.lang.IllegalStateException: Nonce is required to be present in the access token
	at io.helidon.security.providers.oidc.OidcFeature.lambda$processJsonResponse$11(OidcFeature.java:492)
	at java.base/java.util.Optional.orElseThrow(Optional.java:403)
	at io.helidon.security.providers.oidc.OidcFeature.processJsonResponse(OidcFeature.java:492)
	at io.helidon.security.providers.oidc.OidcFeature.processCodeWithTenant(OidcFeature.java:425)
	at io.helidon.security.providers.oidc.OidcFeature.processCode(OidcFeature.java:382)
	at io.helidon.security.providers.oidc.OidcFeature.lambda$processOidcRedirect$9(OidcFeature.java:374)
	at java.base/java.util.Optional.ifPresentOrElse(Optional.java:196)
	at io.helidon.common.mapper.OptionalValue.ifPresentOrElse(OptionalValue.java:173)
	at io.helidon.security.providers.oidc.OidcFeature.processOidcRedirect(OidcFeature.java:374)
	at io.helidon.webserver.http.HttpRouting$RoutingExecutor.doRoute(HttpRouting.java:668)
	at io.helidon.webserver.http.HttpRouting$RoutingExecutor.call(HttpRouting.java:627)
	at io.helidon.webserver.http.HttpRouting$RoutingExecutor.call(HttpRouting.java:605)
	at io.helidon.webserver.http.ErrorHandlers.runWithErrorHandling(ErrorHandlers.java:75)
	at io.helidon.webserver.http.Filters$FilterChainImpl.proceed(Filters.java:121)
	at io.helidon.webserver.observe.metrics.MetricsFeature.lambda$configureVendorMetrics$2(MetricsFeature.java:90)
	at io.helidon.webserver.http.Filters$FilterChainImpl.proceed(Filters.java:119)
	at io.helidon.webserver.security.SecurityContextFilter.filter(SecurityContextFilter.java:88)
	at io.helidon.webserver.http.Filters$FilterChainImpl.proceed(Filters.java:119)
	at io.helidon.common.context.Contexts.runInContext(Contexts.java:117)
	at io.helidon.webserver.context.ContextRoutingFeature.filter(ContextRoutingFeature.java:50)
	at io.helidon.webserver.http.Filters$FilterChainImpl.proceed(Filters.java:119)
	at io.helidon.webserver.http.Filters.executeFilters(Filters.java:87)
	at io.helidon.webserver.http.Filters.lambda$filter$0(Filters.java:83)
	at io.helidon.webserver.http.ErrorHandlers.runWithErrorHandling(ErrorHandlers.java:75)
	at io.helidon.webserver.http.Filters.filter(Filters.java:83)
	at io.helidon.webserver.http.HttpRouting.route(HttpRouting.java:109)
	at io.helidon.webserver.http1.Http1Connection.route(Http1Connection.java:357)
	at io.helidon.webserver.http1.Http1Connection.handle(Http1Connection.java:194)
	at io.helidon.webserver.ConnectionHandler.run(ConnectionHandler.java:165)
	at io.helidon.common.task.InterruptableTask.call(InterruptableTask.java:47)
	at io.helidon.webserver.ThreadPerTaskExecutor$ThreadBoundFuture.run(ThreadPerTaskExecutor.java:239)
	at java.base/java.lang.VirtualThread.run(VirtualThread.java:309)
@Verdent Verdent added bug Something isn't working security P1 4.x Version 4.x labels Feb 15, 2024
@Verdent Verdent added this to the 4.0.6 milestone Feb 15, 2024
@Verdent Verdent self-assigned this Feb 15, 2024
This was referenced Feb 15, 2024
Closed
Merged
@Verdent Verdent changed the title 4.x - Incorrect token for nonce presence 4.x - Incorrect token used for nonce validation Feb 22, 2024
@m0mus m0mus added this to Backlog Aug 12, 2024
@m0mus m0mus moved this to Closed in Backlog Aug 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Verdent Verdent

Labels
4.x Version 4.x bug Something isn't working P1 security
Projects
Backlog
Archived in project
Milestone
4.0.6
Development

Successfully merging a pull request may close this issue.

OIDC updates Verdent/helidon
1 participant
@Verdent