OpenAM / OPENAM-15078

tokeninfo endpoint returns Error 500 when jwt malformed


    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: 5.5.1
    • Fix Version/s: None
    • Component/s: None
    • Labels:
    • Sprint: AM Sustaining Sprint 64
    • Story Points: 2
    • Needs backport: No
    • Support Ticket IDs:
    • Needs QA verification: No
    • Functional tests: No
    • Are the reproduction steps defined?: Yes, and I used the same as in the description

      Description

      Bug description

      This is related to OPENAM-14766. If a JWT is supplied but is missing expected information, this can result in an HTTP 500 error.

      How to reproduce the issue

      1. Configure OAuth2 Provider
      2. Provide a specific jwt that parses successfully in jwt.io but is missing specific information (further details to be provided here).
      Expected behaviour
      An HTTP 40x error results, indicating an issue with the provided token.
      
      Current behaviour
      An HTTP 500 error occurs. The stack trace seen in the OAuth2Provider debug log is:
      
      Caused by: java.lang.NullPointerException
          at java.lang.String.<init>(String.java:515)
          at org.forgerock.json.jose.utils.Utils.base64urlDecode(Utils.java:64)
          at org.forgerock.json.jose.common.JwtReconstruction.reconstructJwt(JwtReconstruction.java:67)
          at org.forgerock.openam.oauth2.guice.OAuth2GuiceModule$DefaultStatelessCheck.byToken(OAuth2GuiceModule.java:265)
          at org.forgerock.openam.oauth2.guice.OAuth2GuiceModule$DefaultStatelessCheck.byToken(OAuth2GuiceModule.java:254)
          at org.forgerock.openam.oauth2.OpenAMTokenStore.readAccessToken(OpenAMTokenStore.java:160)
          at org.forgerock.openam.oauth2.OpenAMTokenStore.readAccessToken(OpenAMTokenStore.java:150)
          at org.forgerock.oauth2.core.AccessTokenVerifier.verify(AccessTokenVerifier.java:69)
          at org.forgerock.oauth2.core.TokenInfoService.getTokenInfo(TokenInfoService.java:82)
          at org.forgerock.oauth2.restlet.ValidationServerResource.validate(ValidationServerResource.java:69)
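      The trace above shows a null or missing JWT segment reaching base64url decoding and surfacing as an unhandled NullPointerException, which the endpoint turns into a 500. The following is an added example, not OpenAM or json-jose code, written in Python rather than Java purely to keep it short: it splits the compact serialization, validates every segment before decoding it, checks that the header and payload are JSON objects carrying the fields a stateless access token needs, and maps every malformed-token case to a 401 invalid_token response (RFC 6750 section 3.1 lists "malformed" under invalid_token) instead of letting an exception escape. The function names, the required-claim set (`exp`) and all sample tokens are constructed for this illustration.

```python
"""Structural validation of a JWS compact serialization before any
cryptographic or token-store work, so a malformed token produces a 4xx
instead of an unhandled exception.  Added illustration for OPENAM-15078;
this is not OpenAM or json-jose code, and the names here are hypothetical."""
import base64
import binascii
import json
import re
from typing import Any, Dict, Iterable, Tuple

# Unpadded base64url alphabet (RFC 7515 section 2).  Checked explicitly because
# base64.urlsafe_b64decode silently discards characters outside the alphabet.
_B64URL = re.compile(r"[A-Za-z0-9_-]*")


class InvalidTokenError(Exception):
    """Fault in the presented token; the endpoint maps it to a 4xx response."""


def b64url_decode(segment: str) -> bytes:
    """Decode one unpadded base64url segment, rejecting None, a bad alphabet
    and a bad length instead of letting a decoder exception escape."""
    if segment is None or not _B64URL.fullmatch(segment):
        raise InvalidTokenError("segment is not base64url")
    padded = segment + "=" * (-len(segment) % 4)
    try:
        return base64.urlsafe_b64decode(padded)
    except binascii.Error as exc:
        raise InvalidTokenError(f"segment has an invalid base64url length: {exc}") from exc


def parse_jws_compact(token: str) -> Tuple[Dict[str, Any], Dict[str, Any], bytes]:
    """Split header.payload.signature and decode header and payload as JSON objects.
    The signature is only decoded here; verifying it is a later step."""
    if not isinstance(token, str) or token == "":
        raise InvalidTokenError("no token supplied")
    parts = token.split(".")
    if len(parts) != 3:
        raise InvalidTokenError(f"expected 3 dot-separated segments, found {len(parts)}")
    header_raw, payload_raw, signature_raw = parts
    if header_raw == "" or payload_raw == "":
        raise InvalidTokenError("header and payload segments must be non-empty")
    try:
        header = json.loads(b64url_decode(header_raw))
        payload = json.loads(b64url_decode(payload_raw))
    except ValueError as exc:  # JSONDecodeError and UnicodeDecodeError both subclass ValueError
        raise InvalidTokenError(f"segment does not decode to JSON: {exc}") from exc
    if not isinstance(header, dict) or not isinstance(payload, dict):
        raise InvalidTokenError("header and payload must be JSON objects")
    if "alg" not in header:
        raise InvalidTokenError("JOSE header lacks 'alg'")
    return header, payload, b64url_decode(signature_raw)


def tokeninfo_precheck(token: str, required_claims: Iterable[str] = ("exp",)) -> Tuple[int, Dict[str, Any]]:
    """Hypothetical front half of a tokeninfo handler: structural and claim-presence
    checks only.  On the 200 path the real handler would go on to verify the
    signature and consult the token store; that is not shown here."""
    try:
        header, payload, _signature = parse_jws_compact(token)
        missing = [c for c in required_claims if c not in payload]
        if missing:
            raise InvalidTokenError("missing required claim(s): " + ", ".join(missing))
    except InvalidTokenError as exc:
        # RFC 6750 section 3.1: a malformed token is invalid_token, HTTP 401.
        return 401, {"error": "invalid_token", "error_description": str(exc)}
    return 200, {"alg": header["alg"], "claims": payload}


# --- Constructed sample inputs (not captured from any OpenAM deployment) ---

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _jwt(header: Dict[str, Any], payload: Dict[str, Any], signature: bytes = b"sig") -> str:
    return ".".join([_b64url(json.dumps(header).encode()),
                     _b64url(json.dumps(payload).encode()),
                     _b64url(signature)])


WELL_FORMED = _jwt({"alg": "HS256", "typ": "JWT"}, {"exp": 4102444800, "jti": "t-1"})
TWO_SEGMENTS = WELL_FORMED.rsplit(".", 1)[0]            # signature segment absent
_h, _, _s = WELL_FORMED.split(".")
EMPTY_PAYLOAD_SEGMENT = f"{_h}..{_s}"                   # payload segment present but empty
NO_ALG = _jwt({"typ": "JWT"}, {"exp": 4102444800})      # header lacks alg
NO_EXP = _jwt({"alg": "HS256"}, {"jti": "t-2"})         # payload lacks a required claim
NOT_JSON = _b64url(b"not json") + "." + _b64url(b"{}") + "." + _b64url(b"sig")
BAD_ALPHABET = "ab!cd.efgh.ijkl"                        # '!' is outside base64url

if __name__ == "__main__":
    for name, tok in [("well-formed", WELL_FORMED), ("two segments", TWO_SEGMENTS),
                      ("empty payload", EMPTY_PAYLOAD_SEGMENT), ("no alg", NO_ALG),
                      ("no exp", NO_EXP), ("not json", NOT_JSON), ("bad alphabet", BAD_ALPHABET)]:
        print(name, "->", tokeninfo_precheck(tok)[0])
```

      Every branch of the malformed-token handling returns through the same `InvalidTokenError` path, so the only way to get a 500 is a genuine server fault rather than a client presenting a token that merely looks like a JWT in a decoder such as jwt.io.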
      

            People

            Assignee: Lawrence Yarham (lawrence.yarham)
            Reporter: Lawrence Yarham (lawrence.yarham)
            Votes: 0
            Watchers: 3
