4.x - Incorrect token used for nonce validation #8386

Verdent · 2024-02-15T15:49:13Z

Environment Details

Helidon Version: 4.0.5
Helidon SE or Helidon MP: both
JDK version:
OS:
Docker version (if applicable):

OidcFeature checks incorrect token for nonce presence.

Failed to read JSON from response
java.lang.IllegalStateException: Nonce is required to be present in the access token
	at io.helidon.security.providers.oidc.OidcFeature.lambda$processJsonResponse$11(OidcFeature.java:492)
	at java.base/java.util.Optional.orElseThrow(Optional.java:403)
	at io.helidon.security.providers.oidc.OidcFeature.processJsonResponse(OidcFeature.java:492)
	at io.helidon.security.providers.oidc.OidcFeature.processCodeWithTenant(OidcFeature.java:425)
	at io.helidon.security.providers.oidc.OidcFeature.processCode(OidcFeature.java:382)
	at io.helidon.security.providers.oidc.OidcFeature.lambda$processOidcRedirect$9(OidcFeature.java:374)
	at java.base/java.util.Optional.ifPresentOrElse(Optional.java:196)
	at io.helidon.common.mapper.OptionalValue.ifPresentOrElse(OptionalValue.java:173)
	at io.helidon.security.providers.oidc.OidcFeature.processOidcRedirect(OidcFeature.java:374)
	at io.helidon.webserver.http.HttpRouting$RoutingExecutor.doRoute(HttpRouting.java:668)
	at io.helidon.webserver.http.HttpRouting$RoutingExecutor.call(HttpRouting.java:627)
	at io.helidon.webserver.http.HttpRouting$RoutingExecutor.call(HttpRouting.java:605)
	at io.helidon.webserver.http.ErrorHandlers.runWithErrorHandling(ErrorHandlers.java:75)
	at io.helidon.webserver.http.Filters$FilterChainImpl.proceed(Filters.java:121)
	at io.helidon.webserver.observe.metrics.MetricsFeature.lambda$configureVendorMetrics$2(MetricsFeature.java:90)
	at io.helidon.webserver.http.Filters$FilterChainImpl.proceed(Filters.java:119)
	at io.helidon.webserver.security.SecurityContextFilter.filter(SecurityContextFilter.java:88)
	at io.helidon.webserver.http.Filters$FilterChainImpl.proceed(Filters.java:119)
	at io.helidon.common.context.Contexts.runInContext(Contexts.java:117)
	at io.helidon.webserver.context.ContextRoutingFeature.filter(ContextRoutingFeature.java:50)
	at io.helidon.webserver.http.Filters$FilterChainImpl.proceed(Filters.java:119)
	at io.helidon.webserver.http.Filters.executeFilters(Filters.java:87)
	at io.helidon.webserver.http.Filters.lambda$filter$0(Filters.java:83)
	at io.helidon.webserver.http.ErrorHandlers.runWithErrorHandling(ErrorHandlers.java:75)
	at io.helidon.webserver.http.Filters.filter(Filters.java:83)
	at io.helidon.webserver.http.HttpRouting.route(HttpRouting.java:109)
	at io.helidon.webserver.http1.Http1Connection.route(Http1Connection.java:357)
	at io.helidon.webserver.http1.Http1Connection.handle(Http1Connection.java:194)
	at io.helidon.webserver.ConnectionHandler.run(ConnectionHandler.java:165)
	at io.helidon.common.task.InterruptableTask.call(InterruptableTask.java:47)
	at io.helidon.webserver.ThreadPerTaskExecutor$ThreadBoundFuture.run(ThreadPerTaskExecutor.java:239)
	at java.base/java.lang.VirtualThread.run(VirtualThread.java:309)

The text was updated successfully, but these errors were encountered:

Verdent added bug Something isn't working security P1 4.x Version 4.x labels Feb 15, 2024

Verdent added this to the 4.0.6 milestone Feb 15, 2024

Verdent self-assigned this Feb 15, 2024

This was referenced Feb 15, 2024

4.x NPE observed when refresh access tokens are not allowed for users using OIDC security provider #8335

Closed

OIDC updates #8387

Merged

Verdent closed this as completed in #8387 Feb 22, 2024

Verdent changed the title ~~4.x - Incorrect token for nonce presence~~ 4.x - Incorrect token used for nonce validation Feb 22, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

4.x - Incorrect token used for nonce validation #8386

4.x - Incorrect token used for nonce validation #8386

Verdent commented Feb 15, 2024

4.x - Incorrect token used for nonce validation #8386

4.x - Incorrect token used for nonce validation #8386

Comments

Verdent commented Feb 15, 2024

Environment Details