8282import it .eng .spagobi .services .security .service .SecurityServiceSupplierFactory ;
8383import it .eng .spagobi .tenant .Tenant ;
8484import it .eng .spagobi .tenant .TenantManager ;
85- import it .eng .spagobi .tools .dataset .notifier .fiware .OAuth2Utils ;
8685import it .eng .spagobi .utilities .exceptions .SpagoBIRuntimeException ;
8786
8887@ Path ("/login" )
@@ -357,7 +356,7 @@ public Response loginOIDC(@Context HttpServletRequest req, Map<String, String> p
357356 try {
358357
359358 final String code = payload .get ("code" );
360- final String codeVerifier = payload .get ("code_verifier " );
359+ final String codeVerifier = payload .get ("codeVerifier " );
361360 if (StringUtils .isBlank (code )) {
362361 return buildUnauthorizedResponse ("Missing authorization code" );
363362 }
@@ -382,16 +381,6 @@ public Response loginOIDC(@Context HttpServletRequest req, Map<String, String> p
382381
383382 }
384383
385- /**
386- * OIDC Nonce generation endpoint
387- */
388- @ GET
389- @ Path ("/oidc/nonce" )
390- @ PublicService
391- public Response generateNonce () {
392- String nonce = OAuth2Utils .createNonce ();
393- return Response .ok (Map .of ("nonce" , nonce )).build ();
394- }
395384
396385 /**
397386 * OIDC ID token validation endpoint Accepts OIDC ID token and performs validation
@@ -406,23 +395,14 @@ public Response validateOIDCIdToken(@Context HttpServletRequest req, Map<String,
406395 logger .debug ("Starting ID token validation" );
407396
408397 // Extract parameters from payload
409- String idToken = payload .get ("id_token" );
410- String expectedNonce = payload .get ("nonce" );
398+ String idToken = payload .get ("code" );
411399
412400 if (StringUtils .isBlank (idToken )) {
413401 logger .error ("Missing id_token in payload" );
414402 monitor .stop (new SpagoBIRuntimeException ("Missing id_token" ));
415403 return buildUnauthorizedResponse ("Missing id_token" );
416404 }
417405
418- if (StringUtils .isBlank (expectedNonce )) {
419- logger .error ("Missing nonce in payload" );
420- monitor .stop (new SpagoBIRuntimeException ("Missing nonce" ));
421- return buildUnauthorizedResponse ("Missing nonce" );
422- }
423-
424- logger .debug ("ID token validation starting with expected nonce: " + expectedNonce );
425-
426406 // Decode JWT
427407 DecodedJWT decodedJWT = JWT .decode (idToken );
428408 logger .debug ("JWT token properly decoded" );
@@ -450,14 +430,6 @@ public Response validateOIDCIdToken(@Context HttpServletRequest req, Map<String,
450430 }
451431 logger .debug ("JWT audience verified" );
452432
453- // Verify nonce (provided by client)
454- com .auth0 .jwt .interfaces .Claim nonceClaim = decodedJWT .getClaim ("nonce" );
455- if (nonceClaim .isNull () || !nonceClaim .asString ().equals (expectedNonce )) {
456- logger .error ("JWT token nonce [" + nonceClaim .asString () + "] does not match the expected nonce [" + expectedNonce + "]" );
457- monitor .stop (new SpagoBIRuntimeException ("JWT nonce mismatch" ));
458- return buildUnauthorizedResponse ("JWT nonce does not match" );
459- }
460- logger .debug ("JWT nonce verified" );
461433
462434 logger .info ("ID token validated successfully" );
463435 monitor .stop ();
0 commit comments