From 16193a2d7691260fba977d2d925a29f986edb1a2 Mon Sep 17 00:00:00 2001
From: YuriyZ <yzabrovarniy@gmail.com>
Date: Thu, 4 Apr 2024 11:47:54 +0300
Subject: [PATCH] fix(jans-auth-server): device auth is failing

https://github.com/JanssenProject/jans/issues/8221
Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>
---
 .../ws/rs/AuthorizeRestWebServiceValidator.java          | 9 +++++++--
 .../ws/rs/AuthorizeRestWebServiceValidatorTest.java      | 7 +++++++
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/jans-auth-server/server/src/main/java/io/jans/as/server/authorize/ws/rs/AuthorizeRestWebServiceValidator.java b/jans-auth-server/server/src/main/java/io/jans/as/server/authorize/ws/rs/AuthorizeRestWebServiceValidator.java
index e0e93ec2990..a493b09435c 100644
--- a/jans-auth-server/server/src/main/java/io/jans/as/server/authorize/ws/rs/AuthorizeRestWebServiceValidator.java
+++ b/jans-auth-server/server/src/main/java/io/jans/as/server/authorize/ws/rs/AuthorizeRestWebServiceValidator.java
@@ -418,14 +418,19 @@ public void validateAcrs(AuthzRequest authzRequest, Client client) throws AcrCha
     }
 
     public void checkAcrScriptIsAvailable(AuthzRequest authzRequest) {
-        if (Util.isBuiltInPasswordAuthn(authzRequest.getAcrValues())) {
+        final String acrValues = authzRequest.getAcrValues();
+        if (StringUtils.isBlank(acrValues)) {
+            return; // nothing to validate
+        }
+
+        if (Util.isBuiltInPasswordAuthn(acrValues)) {
             return; // no need for script for built-in "simple_password_auth"
         }
 
         CustomScriptConfiguration script = externalAuthenticationService.determineCustomScriptConfiguration(AuthenticationScriptUsageType.INTERACTIVE, authzRequest.getAcrValuesList());
         if (script == null) {
             String msg = String.format("Unable to find script for acr: %s. Send error: %s",
-                    authzRequest.getAcrValues(), AuthorizeErrorResponseType.UNMET_AUTHENTICATION_REQUIREMENTS.getParameter());
+                    acrValues, AuthorizeErrorResponseType.UNMET_AUTHENTICATION_REQUIREMENTS.getParameter());
             log.debug(msg);
             throw authzRequest.getRedirectUriResponse().createWebException(AuthorizeErrorResponseType.UNMET_AUTHENTICATION_REQUIREMENTS, msg);
         }
diff --git a/jans-auth-server/server/src/test/java/io/jans/as/server/authorize/ws/rs/AuthorizeRestWebServiceValidatorTest.java b/jans-auth-server/server/src/test/java/io/jans/as/server/authorize/ws/rs/AuthorizeRestWebServiceValidatorTest.java
index 730688169ee..99aa58fa56d 100644
--- a/jans-auth-server/server/src/test/java/io/jans/as/server/authorize/ws/rs/AuthorizeRestWebServiceValidatorTest.java
+++ b/jans-auth-server/server/src/test/java/io/jans/as/server/authorize/ws/rs/AuthorizeRestWebServiceValidatorTest.java
@@ -68,6 +68,13 @@ public class AuthorizeRestWebServiceValidatorTest {
     @Mock
     private ExternalAuthenticationService externalAuthenticationService;
 
+    @Test
+    public void checkAcrScriptIsAvailable_forBlankAcr_shouldPass() {
+        AuthzRequest authzRequest = new AuthzRequest();
+
+        authorizeRestWebServiceValidator.checkAcrScriptIsAvailable(authzRequest);
+    }
+
     @Test
     public void checkAcrScriptIsAvailable_forBuildInAcr_shouldPass() {
         AuthzRequest authzRequest = new AuthzRequest();