feat(jans-auth-server): updated redirect uri validation for First-Par…

…ty Apps #10380 Signed-off-by: YuriyZ <[email protected]>
JanssenProject · Dec 17, 2024 · 15c03ef · 15c03ef
1 parent 87bb155
commit 15c03ef
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 23 deletions.
diff --git a/...rver/server/src/main/java/io/jans/as/server/token/ws/rs/TokenRestWebServiceValidator.java b/...rver/server/src/main/java/io/jans/as/server/token/ws/rs/TokenRestWebServiceValidator.java
@@ -82,7 +82,7 @@ public void validatePKCE(AuthorizationCodeGrant grant, String codeVerifier, OAut
     }
 
     public void validateParams(String grantType, String code,
-                               String redirectUri, String refreshToken, OAuth2AuditLog auditLog) {
+                               String refreshToken, OAuth2AuditLog auditLog) {
         log.debug("Starting to validate request parameters");
         if (grantType == null || grantType.isEmpty()) {
             final String msg = "Grant Type is not set.";
@@ -98,11 +98,6 @@ public void validateParams(String grantType, String code,
                 log.trace(msg);
                 throw new WebApplicationException(response(error(400, TokenErrorResponseType.INVALID_REQUEST, msg), auditLog));
             }
-            if (StringUtils.isBlank(redirectUri)) {
-                final String msg = "redirect_uri is not set for AUTHORIZATION_CODE.";
-                log.trace(msg);
-                throw new WebApplicationException(response(error(400, TokenErrorResponseType.INVALID_REQUEST, msg), auditLog));
-            }
             return;
         }
 
@@ -173,6 +168,14 @@ public void validateGrant(AuthorizationGrant grant, Client client, Object identi
         validateGrant(grant, client, identifier, auditLog, null);
     }
 
+    public void validateRedirectUri(String redirectUri, OAuth2AuditLog auditLog) {
+        if (StringUtils.isBlank(redirectUri)) {
+            final String msg = "redirect_uri is not set for AUTHORIZATION_CODE.";
+            log.trace(msg);
+            throw new WebApplicationException(response(error(400, TokenErrorResponseType.INVALID_REQUEST, msg), auditLog));
+        }
+    }
+
 
     public void validateGrant(AuthorizationGrant grant, Client client, Object identifier, OAuth2AuditLog auditLog, Consumer<AuthorizationGrant> onFailure) {
         if (grant == null) {

diff --git a/.../server/src/test/java/io/jans/as/server/token/ws/rs/TokenRestWebServiceValidatorTest.java b/.../server/src/test/java/io/jans/as/server/token/ws/rs/TokenRestWebServiceValidatorTest.java
@@ -172,7 +172,7 @@ public void validateActorTokenType_withValidTokenType_shouldPassSuccessfully() {
     @Test
     public void validateParams_whenGrantTypeIsBlank_shouldRaiseError() {
         try {
-            validator.validateParams("", "some_code", "https://my.redirect", "refresh_token", AUDIT_LOG);
+            validator.validateParams("", "some_code", "refresh_token", AUDIT_LOG);
         } catch (WebApplicationException e) {
             assertBadRequest(e.getResponse());
             return;
@@ -183,30 +183,18 @@ public void validateParams_whenGrantTypeIsBlank_shouldRaiseError() {
     @Test
     public void validateParams_whenGrantTypeIsAuthorizationCodeAndCodeIsBlank_shouldRaiseError() {
         try {
-            validator.validateParams(GrantType.AUTHORIZATION_CODE.getValue(), "", "https://my.redirect", "refresh_token", AUDIT_LOG);
+            validator.validateParams(GrantType.AUTHORIZATION_CODE.getValue(), "", "refresh_token", AUDIT_LOG);
         } catch (WebApplicationException e) {
             assertBadRequest(e.getResponse());
             return;
         }
         fail("No error for blank code for AUTHORIZATION_CODE grant type.");
     }
 
-
-    @Test
-    public void validateParams_whenGrantTypeIsAuthorizationCodeAndRedirectUriIsBlank_shouldRaiseError() {
-        try {
-            validator.validateParams(GrantType.AUTHORIZATION_CODE.getValue(), "some_code", "", "refresh_token", AUDIT_LOG);
-        } catch (WebApplicationException e) {
-            assertBadRequest(e.getResponse());
-            return;
-        }
-        fail("No error for blank redirect_uri for AUTHORIZATION_CODE grant type.");
-    }
-
     @Test
     public void validateParams_whenGrantTypeIsRefreshTokenAndRefreshTokenIsBlank_shouldRaiseError() {
         try {
-            validator.validateParams(GrantType.REFRESH_TOKEN.getValue(), "some_code", "https://my.redirect", "", AUDIT_LOG);
+            validator.validateParams(GrantType.REFRESH_TOKEN.getValue(), "some_code", "", AUDIT_LOG);
         } catch (WebApplicationException e) {
             assertBadRequest(e.getResponse());
             return;
@@ -217,7 +205,7 @@ public void validateParams_whenGrantTypeIsRefreshTokenAndRefreshTokenIsBlank_sho
     @Test
     public void validateParams_whenGrantTypeIsAuthorizationCodeAndCodeIsNotBlank_shouldNotRaiseError() {
         try {
-            validator.validateParams(GrantType.AUTHORIZATION_CODE.getValue(), "some_code", "https://my.redirect", "", AUDIT_LOG);
+            validator.validateParams(GrantType.AUTHORIZATION_CODE.getValue(), "some_code", "", AUDIT_LOG);
         } catch (WebApplicationException e) {
             fail("Error occurs. We should not get it.");
         }
@@ -226,7 +214,7 @@ public void validateParams_whenGrantTypeIsAuthorizationCodeAndCodeIsNotBlank_sho
     @Test
     public void validateParams_whenGrantTypeIsRefreshTokenAndRefreshTokenIsNotBlank_shouldNotRaiseError() {
         try {
-            validator.validateParams(GrantType.REFRESH_TOKEN.getValue(), "", "https://my.redirect", "refresh_token", AUDIT_LOG);
+            validator.validateParams(GrantType.REFRESH_TOKEN.getValue(), "", "refresh_token", AUDIT_LOG);
         } catch (WebApplicationException e) {
             fail("Error occurs. We should not get it.");
         }