[ https://issues.apache.org/jira/browse/CXF-7944?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Levi Miller updated CXF-7944:
-----------------------------
    Description: 
OAuthClientUtils.getAccessToken hides the response error if the error message 
contains a comma.

The root cause of this is that OAuthJSONProvider.readJSONResponse uses 
String.split(",") to parse the json string, which throws
{code:java}
java.lang.StringIndexOutOfBoundsException: String index out of range: -1{code}
if there are unexpected commas.

 

Stack trace:
{code:java}
java.lang.StringIndexOutOfBoundsException: String index out of range: -1
        at java.lang.String.substring(Unknown Source)
        at org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider.readJSONResponse(OAuthJSONProvider.java:310)
        at org.apache.cxf.rs.security.oauth2.client.OAuthClientUtils.getAccessToken(OAuthClientUtils.java:312)
        at org.apache.cxf.rs.security.oauth2.client.OAuthClientUtils.getAccessToken(OAuthClientUtils.java:231)
        at org.apache.cxf.rs.security.oauth2.client.OAuthClientUtils.getAccessToken(OAuthClientUtils.java:179){code}
response.getEntity() json string:
{code:java}
{"error":"invalid_client","error_description":"Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method."}{code}

  was:
OAuthClientUtils.getAccessToken hides the response error if the error message 
contains a comma.

The root cause of this is that OAuthJSONProvider.readJSONResponse uses 
String.split(",") to parse the json string, which throws
{code:java}
java.lang.StringIndexOutOfBoundsException: String index out of range: -1{code}
if there are unexpected commas.

 

Stack trace:
{code:java}
java.lang.StringIndexOutOfBoundsException: String index out of range: -1
        at java.lang.String.substring(Unknown Source)
        at org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider.readJSONResponse(OAuthJSONProvider.java:310)
        at org.apache.cxf.rs.security.oauth2.client.OAuthClientUtils.getAccessToken(OAuthClientUtils.java:312)
        at org.apache.cxf.rs.security.oauth2.client.OAuthClientUtils.getAccessToken(OAuthClientUtils.java:231)
        at org.apache.cxf.rs.security.oauth2.client.OAuthClientUtils.getAccessToken(OAuthClientUtils.java:179){code}
Json:
{code:java}
{"error":"invalid_client","error_description":"Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method."}{code}


> OAuthClientUtils hides error message if it contains a comma
> -----------------------------------------------------------
>
>                 Key: CXF-7944
>                 URL: https://issues.apache.org/jira/browse/CXF-7944
>             Project: CXF
>          Issue Type: Bug
>    Affects Versions: 3.2.7
>            Reporter: Levi Miller
>            Priority: Major
>
> OAuthClientUtils.getAccessToken hides the response error if the error message 
> contains a comma.
> The root cause of this is that OAuthJSONProvider.readJSONResponse uses 
> String.split(",") to parse the json string, which throws
> {code:java}
> java.lang.StringIndexOutOfBoundsException: String index out of range: -1{code}
> if there are unexpected commas.
>  
> Stack trace:
> {code:java}
> java.lang.StringIndexOutOfBoundsException: String index out of range: -1
>       at java.lang.String.substring(Unknown Source)
>       at org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider.readJSONResponse(OAuthJSONProvider.java:310)
>       at org.apache.cxf.rs.security.oauth2.client.OAuthClientUtils.getAccessToken(OAuthClientUtils.java:312)
>       at org.apache.cxf.rs.security.oauth2.client.OAuthClientUtils.getAccessToken(OAuthClientUtils.java:231)
>       at org.apache.cxf.rs.security.oauth2.client.OAuthClientUtils.getAccessToken(OAuthClientUtils.java:179){code}
> response.getEntity() json string:
> {code:java}
> {"error":"invalid_client","error_description":"Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method."}{code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
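
The failure mode described in the report, as an added example that is not CXF's code: `naiveParse` is a hypothetical reconstruction of comma-split parsing, and `quoteAwareParse` is one possible repair that splits only on commas outside quoted strings. The class and method names are assumptions; the input is the error body quoted in the report, and only flat objects with string values are handled.

```java
import java.util.*;

public class CommaSplitDemo {
    // Constructed input: the error body quoted in the report, on one line.
    static final String BODY = "{\"error\":\"invalid_client\",\"error_description\":"
        + "\"Client authentication failed due to unknown client, no client "
        + "authentication included, or unsupported authentication method.\"}";
    static String unquote(String s) {
        s = s.trim();
        boolean quoted = s.length() >= 2 && s.startsWith("\"") && s.endsWith("\"");
        return quoted ? s.substring(1, s.length() - 1) : s;
    }
    // Hypothetical comma-split parser (not the CXF source): breaks on commas in values.
    static Map<String, String> naiveParse(String json) {
        Map<String, String> out = new LinkedHashMap<>();
        for (String pair : json.substring(1, json.length() - 1).split(",")) {
            int colon = pair.indexOf(':'); // -1 when the piece is the tail of a value
            out.put(unquote(pair.substring(0, colon)), unquote(pair.substring(colon + 1)));
        }
        return out;
    }
    // Splits only on commas outside double quotes; escape sequences are kept as written.
    static Map<String, String> quoteAwareParse(String json) {
        String body = json.trim();
        body = body.substring(1, body.length() - 1);
        List<String> pairs = new ArrayList<>();
        boolean inQuotes = false;
        int start = 0;
        for (int i = 0; i < body.length(); i++) {
            char c = body.charAt(i);
            if (inQuotes && c == '\\') i++;            // skip the escaped character
            else if (c == '"') inQuotes = !inQuotes;
            else if (c == ',' && !inQuotes) { pairs.add(body.substring(start, i)); start = i + 1; }
        }
        pairs.add(body.substring(start));
        Map<String, String> out = new LinkedHashMap<>();
        for (String pair : pairs) {
            int keyEnd = pair.indexOf('"', pair.indexOf('"') + 1); // closing quote of the key
            int colon = pair.indexOf(':', Math.max(keyEnd, 0));
            if (keyEnd < 0 || colon < 0) throw new IllegalArgumentException("malformed pair: " + pair);
            out.put(unquote(pair.substring(0, colon)), unquote(pair.substring(colon + 1)));
        }
        return out;
    }
    public static void main(String[] args) {
        try { naiveParse(BODY); }
        catch (StringIndexOutOfBoundsException e) { System.out.println("naive: " + e); }
        System.out.println("fixed: " + quoteAwareParse(BODY).get("error_description"));
    }
}
```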
