fix(jans-auth-server): white/blank screen after device flow authn #4237…

… (#4243)

* fix(jans-auth-server): white/blank screen after device flow authn #4237

* fix: skip script identification when it's not needed  #4237

jans-auth-server/model/src/main/java/io/jans/as/model/configuration/AppConfiguration.java

@@ -403,8 +403,8 @@ public class AppConfiguration implements Configuration {
     @DocProperty(description = "Enable/Disable redirect uris validation using regular expression", defaultValue = "false")
     private Boolean redirectUrisRegexEnabled = false;
 
-    @DocProperty(description = "Enable/Disable usage of highest level script in case ACR script does not exist", defaultValue = "true")
-    private Boolean useHighestLevelScriptIfAcrScriptNotFound = true;
+    @DocProperty(description = "Enable/Disable usage of highest level script in case ACR script does not exist", defaultValue = "false")
+    private Boolean useHighestLevelScriptIfAcrScriptNotFound;
 
     @DocProperty(description = "Boolean value specifying whether to enable user authentication filters")
     private Boolean authenticationFiltersEnabled;

jans-auth-server/server/src/main/java/io/jans/as/server/authorize/ws/rs/AuthorizeAction.java

@@ -46,8 +46,10 @@
 import io.jans.model.custom.script.conf.CustomScriptConfiguration;
 import io.jans.orm.exception.EntryPersistenceException;
 import io.jans.service.net.NetworkService;
+import io.jans.util.OxConstants;
 import io.jans.util.StringHelper;
 import io.jans.util.ilocale.LocaleUtil;
+import org.apache.commons.lang.BooleanUtils;
 import org.apache.commons.lang.StringUtils;
 import org.apache.commons.text.StringEscapeUtils;
 import org.apache.logging.log4j.util.Strings;
@@ -283,9 +285,11 @@ public void checkPermissionGranted() throws IOException {
 
             String redirectTo = "/login.xhtml";
 
+            List<String> acrValuesList = sessionIdService.acrValuesList(this.acrValues);
             boolean useExternalAuthenticator = externalAuthenticationService.isEnabled(AuthenticationScriptUsageType.INTERACTIVE);
-            if (useExternalAuthenticator) {
-                List<String> acrValuesList = sessionIdService.acrValuesList(this.acrValues);
+            boolean skipScript = acrValuesList.isEmpty() && BooleanUtils.isFalse(appConfiguration.getUseHighestLevelScriptIfAcrScriptNotFound())
+                    && OxConstants.SCRIPT_TYPE_INTERNAL_RESERVED_NAME.equalsIgnoreCase(defaultAuthenticationMode.getName());
+            if (useExternalAuthenticator && !skipScript) {
                 if (acrValuesList.isEmpty()) {
                     acrValuesList = Arrays.asList(defaultAuthenticationMode.getName());
                 }

jans-linux-setup/jans_setup/openbanking/templates/jans-auth/jans-auth-config.json

@@ -394,7 +394,7 @@
     "staticKid": "%(static_kid)s",
     "forceOfflineAccessScopeToEnableRefreshToken" : false,
     "redirectUrisRegexEnabled": false,
-    "useHighestLevelScriptIfAcrScriptNotFound": true,
+    "useHighestLevelScriptIfAcrScriptNotFound": false,
     "blockWebviewAuthorizationEnabled": false,
     "dateFormatterPatterns": {
         "birthdate": "yyyy-MM-dd"

jans-linux-setup/jans_setup/templates/jans-auth/jans-auth-config.json

@@ -482,7 +482,7 @@
     "deviceAuthzTokenPollInterval": 5,
     "deviceAuthzResponseTypeToProcessAuthz": "code",
     "redirectUrisRegexEnabled": true,
-    "useHighestLevelScriptIfAcrScriptNotFound": true,
+    "useHighestLevelScriptIfAcrScriptNotFound": false,
     "agamaConfiguration": {
         "enabled": true,
         "templatesPath": "/ftl",