Merge pull request #18701 from spring-projects/dependabot/gradle/main/com.nimbusds-oauth2-oidc-sdk-11.33

github-actions[bot] · web-flow · commit f91b5f33fc0d · 2026-02-10T17:51:23.000Z
Bump com.nimbusds:oauth2-oidc-sdk from 11.26.1 to 11.33
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
@@ -20,8 +20,8 @@ ch-qos-logback-logback-classic = "ch.qos.logback:logback-classic:1.5.28"
 com-fasterxml-jackson-jackson-bom = "com.fasterxml.jackson:jackson-bom:2.21.0"
 com-google-inject-guice = "com.google.inject:guice:3.0"
 com-netflix-nebula-nebula-project-plugin = "com.netflix.nebula:nebula-project-plugin:8.2.0"
-com-nimbusds-nimbus-jose-jwt = "com.nimbusds:nimbus-jose-jwt:10.4"
-com-nimbusds-oauth2-oidc-sdk = "com.nimbusds:oauth2-oidc-sdk:11.26.1"
+com-nimbusds-nimbus-jose-jwt = "com.nimbusds:nimbus-jose-jwt:10.6"
+com-nimbusds-oauth2-oidc-sdk = "com.nimbusds:oauth2-oidc-sdk:11.33"
 com-squareup-okhttp3-mockwebserver = { module = "com.squareup.okhttp3:mockwebserver", version.ref = "com-squareup-okhttp3" }
 com-squareup-okhttp3-okhttp = { module = "com.squareup.okhttp3:okhttp", version.ref = "com-squareup-okhttp3" }
 com-unboundid-unboundid-ldapsdk = "com.unboundid:unboundid-ldapsdk:7.0.4"
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistrations.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistrations.java
@@ -105,7 +105,7 @@ private ClientRegistrations() {
 	 * @return the {@link ClientRegistration} built from the configuration
 	 */
 	public static ClientRegistration.Builder fromOidcConfiguration(Map<String, Object> configuration) {
-		OIDCProviderMetadata metadata = parse(configuration, OIDCProviderMetadata::parse);
+		OIDCProviderMetadata metadata = parseInput(configuration, OIDCProviderMetadata::parse);
 		ClientRegistration.Builder builder = withProviderConfiguration(metadata, metadata.getIssuer().getValue());
 		builder.jwkSetUri(metadata.getJWKSetURI().toASCIIString());
 		if (metadata.getUserInfoEndpointURI() != null) {
@@ -292,6 +292,15 @@ private static ClientRegistration.Builder getBuilder(String issuer,
 		throw new IllegalArgumentException(errorMessage);
 	}
 
+	private static <T> T parseInput(Map<String, Object> body, ThrowingFunction<JSONObject, T, ParseException> parser) {
+		try {
+			return parse(body, parser);
+		}
+		catch (RuntimeException ex) {
+			throw new IllegalArgumentException(ex);
+		}
+	}
+
 	private static <T> T parse(Map<String, Object> body, ThrowingFunction<JSONObject, T, ParseException> parser) {
 		try {
 			return parser.apply(new JSONObject(body));
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationsTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationsTests.java
@@ -40,7 +40,6 @@
 import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
 import static org.assertj.core.api.Assertions.assertThatIllegalStateException;
-import static org.assertj.core.api.Assertions.assertThatNullPointerException;
 
 /**
  * @author Rob Winch
@@ -475,7 +474,7 @@ private ClientRegistration.Builder registration(Map<String, Object> configuratio
 	@Test
 	public void issuerWhenOidcConfigurationResponseMissingJwksUriThenThrowsIllegalArgumentException() throws Exception {
 		this.response.remove("jwks_uri");
-		assertThatNullPointerException().isThrownBy(() -> registration(this.response).build());
+		assertThatIllegalArgumentException().isThrownBy(() -> registration(this.response).build());
 	}
 
 	@Test
