Add support for application/jwt in generic OAuth handler #1960

Closed
Tracked by #2273
themao opened this issue Oct 17, 2023 · 5 comments
Labels
enhancement New feature or request

Comments

@themao

themao commented Oct 17, 2023

I've set the necessary env variables to authenticate with Keycloak. The URL is formed properly, I get redirected to the Keycloak instance, authenticate there and get redirected back, and then get an "Unexpected error occurred". This is what is thrown in the container logs:

i18n-app-1  | 2023-10-17 16:56:53.828 ERROR 1 --- [nio-8080-exec-8] io.tolgee.ExceptionHandlers              : org.springframework.web.client.UnknownContentTypeException: Could not extract response: no suitable HttpMessageConverter found for response type [class io.tolgee.security.third_party.OAuth2Delegate$GenericUserResponse] and content type [application/jwt]
i18n-app-1  | 	at org.springframework.web.client.HttpMessageConverterExtractor.extractData(HttpMessageConverterExtractor.java:126)
i18n-app-1  | 	at org.springframework.web.client.RestTemplate$ResponseEntityResponseExtractor.extractData(RestTemplate.java:1043)
i18n-app-1  | 	at org.springframework.web.client.RestTemplate$ResponseEntityResponseExtractor.extractData(RestTemplate.java:1026)
i18n-app-1  | 	at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:784)
i18n-app-1  | 	at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:717)
i18n-app-1  | 	at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:608)
i18n-app-1  | 	at io.tolgee.security.third_party.OAuth2Delegate.getTokenResponse(OAuth2Delegate.kt:71)
i18n-app-1  | 	at io.tolgee.controllers.PublicController.authenticateUser(PublicController.kt:176)
i18n-app-1  | 	at io.tolgee.controllers.PublicController$$FastClassBySpringCGLIB$$26157d8c.invoke(<generated>)

Env vars that I set are:

TOLGEE_AUTHENTICATION_OAUTH2_AUTHORIZATION_URL=https://.../protocol/openid-connect/auth
TOLGEE_AUTHENTICATION_OAUTH2_TOKEN_URL=https://.../protocol/openid-connect/token
TOLGEE_AUTHENTICATION_OAUTH2_USER_URL=https://.../protocol/openid-connect/userinfo
TOLGEE_AUTHENTICATION_OAUTH2_CLIENT_ID=sso-client
TOLGEE_AUTHENTICATION_OAUTH2_CLIENT_SECRET=secret
TOLGEE_AUTHENTICATION_OAUTH2_SCOPES=openid email profile

What could be the issue here? I didn't find any similar issues on GitHub.

@cyyynthia
Collaborator

This is something Tolgee currently cannot handle as-is. Tolgee can only support responses in plain JSON, or fails to deserialize them. Until support is added in Tolgee itself I'm afraid there's no workaround to get this working. 😢

@themao
Author

themao commented Oct 19, 2023

Oh, okay, I see! Thanks for having a look so quickly. I understood what the problem is and how it can be solved in my current setup - I just added a new client that does not sign the responses with RS256 so it gives back the userinfo in plain JSON https://stackoverflow.com/questions/69499368/keycloak-userinfo-not-returning-user-info-returns-what-appears-to-be-a-token

Other apps in the system that use JWT tokens for communication are working with signed responses with the Firebase JWT library, so I thought maybe it can be done here in a similar manner? https://github.com/firebase/php-jwt/blob/main/src/JWT.php#L102

Or how is it better to approach this situation? It doesn't look like it's the most required feature, I know, so maybe I could prepare a PR with these changes (if I am able to set up the project; I don't code in Java on a regular basis).

@cyyynthia
Collaborator

It can be; the problem here is the deserialization step which needs to be handled when the content-type is application/jwt, and then everything should work just fine after this step.

A PR would be very appreciated! The way OAuth works currently is sub-par and I definitely want to improve it on many levels, but in the meantime these kinds of changes are nice to have, and will reduce the amount of work I'll have to do later on! 😄
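The failure in the first post and the fix sketched in the reply above come down to one dispatch: a UserInfo response must be deserialized differently depending on whether the provider returned `application/json` or a signed `application/jwt` body. The following is an added example (not Tolgee's code, and not the `OAuth2Delegate` implementation the stack trace refers to) that shows the shape of such a handler. It assumes, for the sake of running with only the standard library, that the provider's signing key is a shared HS256 secret; Keycloak signs UserInfo with RS256, so a real implementation would fetch the provider's JWKS and verify with an RSA library instead. The issuer, client ID, claims and secret below are constructed sample values.

```python
"""Content-type-aware UserInfo parsing: plain JSON or compact JWS (JWT).

Added example, not Tolgee's code. The HS256 shared secret is an assumption
made so the example runs offline; an RS256 provider (Keycloak) needs its
JWKS and an RSA verifier (e.g. PyJWT or `cryptography`).
"""
import base64
import hashlib
import hmac
import json
import time

# Allow-list of accepted algorithms. The token's own "alg" header is never
# trusted to pick the verifier, so "none" or a downgraded alg is rejected.
ALLOWED_ALGS = {"HS256"}


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def parse_jws_userinfo(body: str, key: bytes, issuer: str, audience: str, now=None) -> dict:
    """Verify a compact JWS and return its claims, or raise ValueError."""
    now = time.time() if now is None else now
    parts = body.strip().split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    header = json.loads(_b64url_decode(parts[0]))
    if header.get("alg") not in ALLOWED_ALGS:
        raise ValueError(f"unsupported alg {header.get('alg')!r}")
    signing_input = f"{parts[0]}.{parts[1]}".encode()
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    # Verify the signature BEFORE trusting any claim in the payload.
    if not hmac.compare_digest(expected, _b64url_decode(parts[2])):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(parts[1]))
    # A signed UserInfo response carries iss and aud; bind them to the
    # configured issuer and to our own client ID.
    if claims.get("iss") != issuer:
        raise ValueError("unexpected issuer")
    aud = claims.get("aud")
    auds = aud if isinstance(aud, list) else [aud]
    if audience not in auds:
        raise ValueError("unexpected audience")
    if "exp" in claims and now >= claims["exp"]:
        raise ValueError("token expired")
    return claims


def parse_userinfo(content_type: str, body: str, key: bytes,
                   issuer: str, audience: str, now=None) -> dict:
    """Dispatch on the media type, ignoring parameters such as charset."""
    media_type = content_type.split(";")[0].strip().lower()
    if media_type == "application/json":
        return json.loads(body)
    if media_type == "application/jwt":
        return parse_jws_userinfo(body, key, issuer, audience, now)
    raise ValueError(f"unsupported content type {content_type!r}")


def make_jws(claims: dict, key: bytes, alg: str = "HS256") -> str:
    """Build a sample signed response (stands in for the provider in tests)."""
    header = _b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


if __name__ == "__main__":
    # Constructed sample values, not from any real deployment.
    key = b"constructed-shared-secret"
    iss, client_id = "https://idp.example/realms/demo", "sso-client"
    claims = {"iss": iss, "aud": client_id, "sub": "u1", "email": "u1@example.com", "exp": 2_000_000_000}
    token = make_jws(claims, key)
    print(parse_userinfo("application/jwt", token, key, iss, client_id, now=1_000))
    print(parse_userinfo("application/json; charset=utf-8", '{"sub": "u1"}', key, iss, client_id))
```

The design point is that the JWT branch is not merely "base64-decode the middle segment": signature, algorithm allow-list, issuer and audience are checked before any claim is used, which is the extra work a converter for `application/jwt` has to do that the JSON branch does not.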

@github-actions
Contributor

This issue is stale because it has been open for 30 days with no activity.

@github-actions github-actions bot added the stale label Nov 19, 2023
@cyyynthia cyyynthia changed the title OAuth callback fails with 500 error Add support for application/jwt in generic OAuth handler Nov 19, 2023
@cyyynthia cyyynthia added enhancement New feature or request and removed stale labels Nov 19, 2023
@JanCizmar
Contributor

Hey! I have created an issue for the SSO here: #2273

So I am closing this in favour of the master issue.
