fix: When wellKnownUrl is temporary not reachable, and get back onlin…

…e, the OIDC login not working - EXO-62561 Before this fix, if the well know url is not reachable, the server is unable to read it when it came back online. In addition, the error message is not clear. This commit improve the error message and ensure to be able to reread the url if it came back online Resolved Meeds-io/meeds#2252
Meeds-io · Jul 2, 2024 · 84ddb27 · 84ddb27
1 parent 75398cc
commit 84ddb27
Showing 1 changed file with 22 additions and 11 deletions.
diff --git a/component/oauth-auth/src/main/java/io/meeds/oauth/openid/OpenIdProcessorImpl.java b/component/oauth-auth/src/main/java/io/meeds/oauth/openid/OpenIdProcessorImpl.java
@@ -81,7 +81,8 @@ public class OpenIdProcessorImpl implements OpenIdProcessor, Startable {
 
   private final String                accessType;
 
-  private final String                wellKnownConfigurationUrl;
+  private final String  wellKnownConfigurationUrl;
+  private       boolean wellKnownConfigurationLoaded;
 
   private final String                applicationName;
 
@@ -98,6 +99,7 @@ public OpenIdProcessorImpl(ExoContainerContext context, InitParams params, Secur
     this.clientSecret = params.getValueParam("clientSecret").getValue();
     String redirectURLParam = params.getValueParam("redirectURL").getValue();
     this.wellKnownConfigurationUrl = params.getValueParam("wellKnownConfigurationUrl").getValue();
+    this.wellKnownConfigurationLoaded = false;
     String scope = params.getValueParam("scope").getValue();
     this.accessType = params.getValueParam("accessType").getValue();
     ValueParam appNameParam = params.getValueParam("applicationName");
@@ -183,6 +185,10 @@ protected InteractionState<OpenIdAccessTokenContext> processOAuthInteractionImpl
   //
   protected InteractionState<OpenIdAccessTokenContext> initialInteraction(HttpServletRequest request,
                                                                           HttpServletResponse response) throws IOException {
+
+    if (!this.wellKnownConfigurationLoaded) {
+      readWellKnownConfiguration();
+    }
     String verificationState = String.valueOf(secureRandomService.getSecureRandom().nextLong());
     String authorizeUrl = this.authenticationURL + "?" + "response_type=code" + "&client_id=" + this.clientID + "&scope="
         + this.scopes.stream().collect(Collectors.joining(" ")) + "&redirect_uri=" + this.redirectURL + "&state="
@@ -449,15 +455,7 @@ public void start() {
         return;
       }
       try {
-        String wellKnownConfigurationContent = readUrl(new URL(this.wellKnownConfigurationUrl));
-        if (wellKnownConfigurationContent != null) {
-          JSONObject json = new JSONObject(wellKnownConfigurationContent);
-          this.authenticationURL = json.getString("authorization_endpoint");
-          this.accessTokenURL = json.getString("token_endpoint");
-          this.userInfoURL = json.getString("userinfo_endpoint");
-          this.issuer = json.getString("issuer");
-          this.remoteJwkSigningKeyResolver = new RemoteJwkSigningKeyResolver(this.wellKnownConfigurationUrl);
-        }
+        readWellKnownConfiguration();
       } catch (JSONException e) {
         log.error("Unable to read webKnownUrl content : " + this.wellKnownConfigurationUrl, e);
       } catch (MalformedURLException e) {
@@ -466,6 +464,19 @@ public void start() {
     }
   }
 
+  private void readWellKnownConfiguration() throws MalformedURLException {
+    String wellKnownConfigurationContent = readUrl(new URL(this.wellKnownConfigurationUrl));
+    if (wellKnownConfigurationContent != null) {
+      JSONObject json = new JSONObject(wellKnownConfigurationContent);
+      this.authenticationURL = json.getString("authorization_endpoint");
+      this.accessTokenURL = json.getString("token_endpoint");
+      this.userInfoURL = json.getString("userinfo_endpoint");
+      this.issuer = json.getString("issuer");
+      this.remoteJwkSigningKeyResolver = new RemoteJwkSigningKeyResolver(this.wellKnownConfigurationUrl);
+      this.wellKnownConfigurationLoaded = true;
+    }
+  }
+
   @Override
   public void stop() {
     // Nothing to stop
@@ -481,7 +492,7 @@ private static String readUrl(URL url) {
 
       return buffer.toString();
     } catch (IOException e) {
-      log.error(e.getMessage());
+      log.error("Unable to read url {}",url,e);
     }
     return null;
   }