Public flow introspection corrected (#24402)

* Public flow introspection corrected

* Wrong auth client ID in case of public client
This commit is contained in:
Ajith Prasad 2025-11-18 22:31:15 +05:30 committed by GitHub
parent c92b3e0d4d
commit b6cd0a9fd6
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 11 additions and 10 deletions


@ -263,20 +263,20 @@ public class Auth0Validator {
return null; // Success - Auth0 client ID validated
} else if (responseCode == 400 || responseCode == 404) {
return ValidationErrorBuilder.createFieldError(
ValidationErrorBuilder.FieldPaths.OIDC_CLIENT_ID,
ValidationErrorBuilder.FieldPaths.AUTH_CLIENT_ID,
"Invalid Auth0 client ID. Client does not exist or is not properly configured.");
} else {
// Warning case - treat as success since format appears valid
LOG.warn("Could not fully validate Auth0 client ID. HTTP response: {}", responseCode);
return ValidationErrorBuilder.createFieldError(
ValidationErrorBuilder.FieldPaths.OIDC_CLIENT_ID, "Could not validate client Id");
ValidationErrorBuilder.FieldPaths.AUTH_CLIENT_ID, "Could not validate client Id");
}
} catch (Exception e) {
// Warning case - treat as success since format appears valid
LOG.warn("Auth0 client ID validation warning: {}", e.getMessage());
return ValidationErrorBuilder.createFieldError(
ValidationErrorBuilder.FieldPaths.OIDC_CLIENT_ID,
ValidationErrorBuilder.FieldPaths.AUTH_CLIENT_ID,
"Auth0 client ID validation warning: {}" + e.getMessage());
}
}
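Review bot: The message built in the catch branch still embeds a logger-style placeholder into the returned error text: `"Auth0 client ID validation warning: {}" + e.getMessage()` produces a string containing a literal `{}` followed by the exception message, so the line should read `"Auth0 client ID validation warning: " + e.getMessage()`. The two "Warning case - treat as success since format appears valid" comments also no longer match the code beneath them, which returns a FieldError rather than null; either the comments are stale or one of the returns should be `return null;`, and the intent should be settled so callers know whether an unreachable Auth0 endpoint blocks configuration. Since `catch (Exception e)` forwards `e.getMessage()` into a field error, it would be worth confirming that message surfaces only to administrators and not in a client-visible response. The enclosing method starts before this hunk.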


@ -343,13 +343,13 @@ public class AzureAuthValidator {
return null;
} else {
return ValidationErrorBuilder.createFieldError(
ValidationErrorBuilder.FieldPaths.OIDC_CLIENT_ID, "Client ID validation failed");
ValidationErrorBuilder.FieldPaths.AUTH_CLIENT_ID, "Client ID validation failed");
}
}
} catch (Exception e) {
return ValidationErrorBuilder.createFieldError(
ValidationErrorBuilder.FieldPaths.OIDC_CLIENT_ID, "Client ID validation failed");
ValidationErrorBuilder.FieldPaths.AUTH_CLIENT_ID, "Client ID validation failed");
}
}
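Review bot: The `catch (Exception e)` at the end of this hunk discards the exception entirely and returns the same "Client ID validation failed" text as the non-exceptional branch, so a network or parsing failure is indistinguishable from a genuinely rejected client ID and leaves no trace for operators. If this class has a logger like Auth0Validator's, a single `LOG.warn("Azure client ID validation error: {}", e.getMessage());` before the return would preserve that signal without changing the field error the caller sees. The enclosing method begins before this hunk.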


@ -146,8 +146,9 @@ public class OktaAuthValidator {
}
private FieldError validatePublicClientId(String oktaDomain, String clientId) {
String discoveryUri = oktaDomain + OKTA_WELL_KNOWN_PATH;
return validateClientIdViaIntrospection(
oktaDomain, clientId, "okta-public-client-id", "public");
discoveryUri, clientId, "okta-public-client-id", "public");
}
private String getIntrospectUrl(String discoveryUri) {
@ -193,9 +194,9 @@ public class OktaAuthValidator {
}
private FieldError validateClientIdViaIntrospection(
String oktaDomain, String clientId, String componentName, String clientType) {
String discoveryUri, String clientId, String componentName, String clientType) {
try {
String introspectUrl = oktaDomain + "/v1/introspect";
String introspectUrl = getIntrospectUrl(discoveryUri);
String requestBody =
"token=dummy_invalid_token&token_type_hint=access_token&client_id=" + clientId;
@ -213,12 +214,12 @@ public class OktaAuthValidator {
return null; // Success - Okta client ID validated
} else {
return ValidationErrorBuilder.createFieldError(
ValidationErrorBuilder.FieldPaths.OIDC_CLIENT_ID,
ValidationErrorBuilder.FieldPaths.AUTH_CLIENT_ID,
"Unexpected introspection response format - missing 'active' field");
}
} else {
return ValidationErrorBuilder.createFieldError(
ValidationErrorBuilder.FieldPaths.OIDC_CLIENT_ID,
ValidationErrorBuilder.FieldPaths.AUTH_CLIENT_ID,
"Client ID validation failed. HTTP response: " + response.getStatusCode());
}
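Review bot: In the second hunk, `clientId` is concatenated unencoded into the form body `"token=dummy_invalid_token&token_type_hint=access_token&client_id=" + clientId`, so a value containing `&` or `=` would alter or add parameters of the introspection request; the safer form is `"...&client_id=" + URLEncoder.encode(clientId, StandardCharsets.UTF_8)` (with the corresponding `java.net.URLEncoder` and `java.nio.charset.StandardCharsets` imports if not already present). The same hunk now takes `introspectUrl` from `getIntrospectUrl(discoveryUri)` instead of deriving it from `oktaDomain`; the body of `getIntrospectUrl` is outside this hunk, but if it returns the discovery document's `introspection_endpoint` verbatim, a check that the endpoint's host matches `discoveryUri`'s host before the POST would keep the validator from following a redirect-like indirection to an unrelated server. The first hunk also leaves `String discoveryUri = oktaDomain + OKTA_WELL_KNOWN_PATH;` without visible normalization of `oktaDomain` (scheme, trailing slash), which presumably happens in the caller and is worth confirming. `validateClientIdViaIntrospection` continues past the second hunk and the third hunk sits inside its body, so the surrounding try/catch is not visible here.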