PAR endpoind does not return an appropriate error regarding a request objec

closes #41181

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
Takashi Norimatsu
2025-07-16 20:16:07 +09:00
committed by Marek Posolda
parent ae553b10f6
commit 71f510d115
4 changed files with 7 additions and 3 deletions


@@ -27,6 +27,7 @@ import org.keycloak.events.EventType;
import org.keycloak.headers.SecurityHeadersProvider;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.SingleUseObjectProvider;
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
import org.keycloak.protocol.oidc.OIDCLoginProtocolService;
import org.keycloak.protocol.oidc.endpoints.AuthorizationEndpointChecker;
import org.keycloak.protocol.oidc.endpoints.request.AuthorizationEndpointRequest;
@@ -108,6 +109,9 @@ public class ParEndpoint extends AbstractParEndpoint {
try {
authorizationRequest = ParEndpointRequestParserProcessor.parseRequest(event, session, client, decodedFormParameters);
} catch (Exception e) {
if (!decodedFormParameters.containsKey(OIDCLoginProtocol.REQUEST_PARAM)) {
throw throwErrorResponseException(OAuthErrorException.INVALID_REQUEST, e.getMessage(), Response.Status.BAD_REQUEST);
}
throw throwErrorResponseException(OAuthErrorException.INVALID_REQUEST_OBJECT, e.getMessage(), Response.Status.BAD_REQUEST);
}
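Review bot: The new branch at `if (!decodedFormParameters.containsKey(OIDCLoginProtocol.REQUEST_PARAM))` classifies the failure solely by whether a `request` form parameter is present, while the enclosing `catch (Exception e)` also receives failures that have nothing to do with the request object (a malformed non-JWT parameter, or an unexpected runtime error in the parser), so with a `request` parameter present those are now reported as `invalid_request_object`, which OIDC Core §3.1.2.6 reserves for an invalid Request Object itself. If `ParEndpointRequestParserProcessor.parseRequest` can signal the failure class (the parser is outside this hunk, so I cannot confirm), keying on that would be more accurate than keying on parameter presence. Both throws also forward `e.getMessage()` as the error_description to the client; that mirrors the pre-existing line, but it is worth checking that parser messages do not disclose internal detail. Stylistically the two near-identical throw lines could collapse to one by selecting the error code first, as below. The enclosing method and its `try` start before this hunk.
```java
} catch (Exception e) {
    // invalid_request_object is only meaningful when a request object was actually supplied
    String error = decodedFormParameters.containsKey(OIDCLoginProtocol.REQUEST_PARAM)
            ? OAuthErrorException.INVALID_REQUEST_OBJECT
            : OAuthErrorException.INVALID_REQUEST;
    throw throwErrorResponseException(error, e.getMessage(), Response.Status.BAD_REQUEST);
}
```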


@@ -444,7 +444,7 @@ public class FAPI2DPoPTest extends AbstractFAPI2Test {
.signedJwt(signedJwt)
.send();
assertEquals(400, pResp.getStatusCode());
assertEquals(OAuthErrorException.INVALID_REQUEST_OBJECT, pResp.getError());
assertEquals(OAuthErrorException.INVALID_REQUEST, pResp.getError());
// Set request object and correct responseType
requestObject = createValidRequestObjectForSecureRequestObjectExecutor(clientId);
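Review bot: The updated assertion `assertEquals(OAuthErrorException.INVALID_REQUEST, pResp.getError());` appears to exercise only the path where no `request` parameter is sent (the following comment says the request object is set afterwards), and the same holds for the expectation flips in FAPI2Test and ParTest below; none of the changed test files asserts that a PAR call carrying a malformed `request` still yields `invalid_request_object`. Unless that case is covered by a test outside this commit, a companion test sending an unparsable `request` value and asserting `OAuthErrorException.INVALID_REQUEST_OBJECT` would pin the other branch of the new condition in ParEndpoint. The enclosing test method starts before this hunk.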


@@ -335,7 +335,7 @@ public class FAPI2Test extends AbstractFAPITest {
String signedJwt = createSignedRequestToken(clientId, Algorithm.PS256);
ParResponse pResp = oauth.pushedAuthorizationRequest().nonce("123456").signedJwt(signedJwt).send();
assertEquals(400, pResp.getStatusCode());
assertEquals(OAuthErrorException.INVALID_REQUEST_OBJECT, pResp.getError());
assertEquals(OAuthErrorException.INVALID_REQUEST, pResp.getError());
// Set request object and correct responseType
requestObject = createValidRequestObjectForSecureRequestObjectExecutor(clientId);


@@ -1010,7 +1010,7 @@ public class ParTest extends AbstractClientPoliciesTest {
oauth.redirectUri(CLIENT_REDIRECT_URI);
ParResponse pResp = oauth.doPushedAuthorizationRequest();
assertEquals(400, pResp.getStatusCode());
assertEquals(OAuthErrorException.INVALID_REQUEST_OBJECT, pResp.getError());
assertEquals(OAuthErrorException.INVALID_REQUEST, pResp.getError());
}
// PAR including invalid redirect_uri