Public flow introspection corrected (#24402)

* Public flow introspection corrected

* Wrong auth client Id incase of public client

openmetadata-service/src/main/java/org/openmetadata/service/security/auth/validator/Auth0Validator.java

@@ -263,20 +263,20 @@ public class Auth0Validator {
         return null; // Success - Auth0 client ID validated
       } else if (responseCode == 400 || responseCode == 404) {
         return ValidationErrorBuilder.createFieldError(
-            ValidationErrorBuilder.FieldPaths.OIDC_CLIENT_ID,
+            ValidationErrorBuilder.FieldPaths.AUTH_CLIENT_ID,
             "Invalid Auth0 client ID. Client does not exist or is not properly configured.");
       } else {
         // Warning case - treat as success since format appears valid
         LOG.warn("Could not fully validate Auth0 client ID. HTTP response: {}", responseCode);
         return ValidationErrorBuilder.createFieldError(
-            ValidationErrorBuilder.FieldPaths.OIDC_CLIENT_ID, "Could not validate client Id");
+            ValidationErrorBuilder.FieldPaths.AUTH_CLIENT_ID, "Could not validate client Id");
       }
 
     } catch (Exception e) {
       // Warning case - treat as success since format appears valid
       LOG.warn("Auth0 client ID validation warning: {}", e.getMessage());
       return ValidationErrorBuilder.createFieldError(
-          ValidationErrorBuilder.FieldPaths.OIDC_CLIENT_ID,
+          ValidationErrorBuilder.FieldPaths.AUTH_CLIENT_ID,
           "Auth0 client ID validation warning: {}" + e.getMessage());
     }
   }

openmetadata-service/src/main/java/org/openmetadata/service/security/auth/validator/AzureAuthValidator.java

@@ -343,13 +343,13 @@ public class AzureAuthValidator {
           return null;
         } else {
           return ValidationErrorBuilder.createFieldError(
-              ValidationErrorBuilder.FieldPaths.OIDC_CLIENT_ID, "Client ID validation failed");
+              ValidationErrorBuilder.FieldPaths.AUTH_CLIENT_ID, "Client ID validation failed");
         }
       }
 
     } catch (Exception e) {
       return ValidationErrorBuilder.createFieldError(
-          ValidationErrorBuilder.FieldPaths.OIDC_CLIENT_ID, "Client ID validation failed");
+          ValidationErrorBuilder.FieldPaths.AUTH_CLIENT_ID, "Client ID validation failed");
     }
   }
 

openmetadata-service/src/main/java/org/openmetadata/service/security/auth/validator/OktaAuthValidator.java

@@ -146,8 +146,9 @@ public class OktaAuthValidator {
   }
 
   private FieldError validatePublicClientId(String oktaDomain, String clientId) {
+    String discoveryUri = oktaDomain + OKTA_WELL_KNOWN_PATH;
     return validateClientIdViaIntrospection(
-        oktaDomain, clientId, "okta-public-client-id", "public");
+        discoveryUri, clientId, "okta-public-client-id", "public");
   }
 
   private String getIntrospectUrl(String discoveryUri) {
@@ -193,9 +194,9 @@ public class OktaAuthValidator {
   }
 
   private FieldError validateClientIdViaIntrospection(
-      String oktaDomain, String clientId, String componentName, String clientType) {
+      String discoveryUri, String clientId, String componentName, String clientType) {
     try {
-      String introspectUrl = oktaDomain + "/v1/introspect";
+      String introspectUrl = getIntrospectUrl(discoveryUri);
       String requestBody =
           "token=dummy_invalid_token&token_type_hint=access_token&client_id=" + clientId;
 
@@ -213,12 +214,12 @@ public class OktaAuthValidator {
           return null; // Success - Okta client ID validated
         } else {
           return ValidationErrorBuilder.createFieldError(
-              ValidationErrorBuilder.FieldPaths.OIDC_CLIENT_ID,
+              ValidationErrorBuilder.FieldPaths.AUTH_CLIENT_ID,
               "Unexpected introspection response format - missing 'active' field");
         }
       } else {
         return ValidationErrorBuilder.createFieldError(
-            ValidationErrorBuilder.FieldPaths.OIDC_CLIENT_ID,
+            ValidationErrorBuilder.FieldPaths.AUTH_CLIENT_ID,
             "Client ID validation failed. HTTP response: " + response.getStatusCode());
       }