This issue has been created
 
 
OpenId Connect / cid:jira-generated-image-avatar-96121478-1a45-4544-b9f5-bc7662fbebd7 OIDC-198 Open

userinfo endpoint does not support OPTIONS http requests
 
View issue   ยท   Add comment
 

Issue created

 
cid:jira-generated-image-avatar-b8fc4850-e3d4-4836-9d88-45687e591fa4 Manuel Leduc created this issue on 22/Oct/24 11:00
 
Summary: userinfo endpoint does not support OPTIONS http requests
Issue Type: cid:jira-generated-image-avatar-96121478-1a45-4544-b9f5-bc7662fbebd7 Bug
Affects Versions: 2.13.0
Assignee: Unassigned
Components: Provider
Created: 22/Oct/24 11:00
Priority: cid:jira-generated-image-static-major-438b311b-b384-47d2-aa60-402bcf5c85e9 Major
Reporter: Manuel Leduc
Description:

Reproduction steps

  1. build an http query to /xwiki/oidc/userinfo in javascript
  2. execute it on a brower sending preflight requests for CORS (e.g., Chrome)

Expected

  • The server handles the OPTIONS (preflight) request

Actual

  • oidc does not handle OPTIONS and returns a 500 http error
java.lang.IllegalArgumentException: No enum constant com.nimbusds.oauth2.sdk.http.HTTPRequest.Method.OPTIONS
	at java.base/java.lang.Enum.valueOf(Enum.java:273)
	at com.nimbusds.oauth2.sdk.http.HTTPRequest$Method.valueOf(HTTPRequest.java:81)
	at com.nimbusds.oauth2.sdk.http.ServletUtils.createHTTPRequest(ServletUtils.java:174)
	at com.nimbusds.oauth2.sdk.http.ServletUtils.createHTTPRequest(ServletUtils.java:143)
	at org.xwiki.contrib.oidc.provider.internal.OIDCResourceReferenceHandler.handle(OIDCResourceReferenceHandler.java:126)
	at org.xwiki.contrib.oidc.provider.internal.OIDCResourceReferenceHandler.handle(OIDCResourceReferenceHandler.java:110)
	at org.xwiki.resource.internal.DefaultResourceReferenceHandlerChain.handleNext(DefaultResourceReferenceHandlerChain.java:79)
	at org.xwiki.resource.internal.AbstractResourceReferenceHandlerManager.handle(AbstractResourceReferenceHandlerManager.java:82)
	at org.xwiki.resource.servlet.ResourceReferenceHandlerServlet.handleResourceReference(ResourceReferenceHandlerServlet.java:159)
	at org.xwiki.resource.servlet.ResourceReferenceHandlerServlet.service(ResourceReferenceHandlerServlet.java:87)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:590)
 
 
This message was sent by Atlassian Jira (v9.3.0#930000-sha1:287aeb6) Atlassian logo
If image attachments aren't displayed, see this article.