Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-27175

Improve OAuth2 error when jwt token doesn't exist or is invalid

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 10.10-HF02, 11.1-SNAPSHOT
    • Fix Version/s: 10.10-HF06, 11.1
    • Component/s: Authentication, OAuth

      Description

      We want to improve error handling in NuxeoOAuth2Servlet when the received token can not be verified.
      This can happen if no nuxeo.jwt.secret is configured in nuxeo.conf or if the received token is not valid against this secret.

      Current situation leads to a NPE in NuxeoOAuth2Servlet when retrieving the user from claims.

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 2 hours
                  2h

                    PagerDuty

                    Error rendering 'com.pagerduty.jira-server-plugin:PagerDuty'. Please contact your Jira administrators.