Merge pull request #1728 from cboehme/ELY-2360
[ELY-2360] Change OIDC_STATE delimiter
Skyllarr committed Jul 28, 2022
2 parents ac53e1c + 6d0a227 commit a1e323c
Showing 1 changed file with 9 additions and 2 deletions.
Expand Up @@ -36,7 +36,8 @@
public class OidcCookieTokenStore implements OidcTokenStore {

private final OidcHttpFacade httpFacade;
private static final String DELIM = "___";
private static final String DELIM = "###";
private static final String LEGACY_DELIM = "___";
private static final int EXPECTED_NUM_TOKENS = 3;
private static final int ACCESS_TOKEN_INDEX = 0;
private static final int ID_TOKEN_INDEX = 1;
Expand Down Expand Up @@ -206,7 +207,13 @@ public static OidcPrincipal<RefreshableOidcSecurityContext> getPrincipalFromCook
String cookieVal = cookie.getValue();
String[] tokens = cookieVal.split(DELIM);
if (tokens.length != EXPECTED_NUM_TOKENS) {
log.warnf("Invalid format of %s cookie. Count of tokens: %s, expected 3", OIDC_STATE_COOKIE, tokens.length);
// Cookies set by older versions of wildfly-elytron use a different token delimiter. Since clients may
// still send such cookies we fall back to the old delimiter to avoid discarding valid tokens:
tokens = cookieVal.split(LEGACY_DELIM);
}
if (tokens.length != EXPECTED_NUM_TOKENS) {
log.warnf("Invalid format of %s cookie. Count of tokens: %s, expected %s", OIDC_STATE_COOKIE, tokens.length, EXPECTED_NUM_TOKENS);
log.debugf("Value of %s cookie is: %s", OIDC_STATE_COOKIE, cookieVal);
return null;
}
String accessTokenString = tokens[ACCESS_TOKEN_INDEX];
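Review bot: The `log.debugf("Value of %s cookie is: %s", OIDC_STATE_COOKIE, cookieVal)` line in the second hunk writes the raw cookie to the log, and judging by `ACCESS_TOKEN_INDEX` and `ID_TOKEN_INDEX` that value carries bearer tokens. A cookie that fails the count check can still hold usable tokens (a delimiter mismatch is exactly the case this commit handles), so anyone with read access to debug logs could recover them. Log only non-secret facts instead, for example `log.debugf("Length of %s cookie value: %s", OIDC_STATE_COOKIE, cookieVal.length());`. The rendered page does not show for certain whether this line is new or pre-existing, and the enclosing method's body starts and ends outside the hunk.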
