[NXP-27175] Improve OAuth2 error when jwt token doesn't exist or is invalid - Nuxeo Issue Tracker

XML

Word

Printable

Details

Type: Improvement
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: 10.10, 11.1-SNAPSHOT
Fix Version/s: 10.10-HF06, 11.1, 2021.0
Component/s: Authentication, OAuth

Tags:
- SupCom
- noRNS
- nxcore
Backlog priority:
200
Answers Link:
https://answers.nuxeo.com/general/q/75fb1d38fbc048f59cf01d895f004335/Requesting-an-access-token-with-a-jwt
Sprint:
nxcore 11.1.8 / 11.1.9
Story Points:
2

Description

We want to improve error handling in NuxeoOAuth2Servlet when the received token can not be verified.
This can happen if no nuxeo.jwt.secret is configured in nuxeo.conf or if the received token is not valid against this secret.

Current situation leads to a NPE in NuxeoOAuth2Servlet when retrieving the user from claims.

Attachments

Issue Links

is related to

NEV-67 Change used token from JWT to OAuth2 in ARender

Resolved

Activity

People

Assignee:

Funsho David

Reporter:

Kevin Leturc

Participants:

Funsho David, Jenkins, Kevin Leturc

Votes:

0 Vote for this issue

Watchers:

2 Start watching this issue

Dates

Created:

2019-04-05 12:25

Updated:

2021-01-25 13:31

Resolved:

2019-04-26 15:30

Time Tracking

Estimated:

Not Specified

Remaining:

Logged: