miniOrange OIDC jira plugin failed to decode id_token

  • westwin
    # 3 months, 4 weeks ago

    The “name” claim in id_token is Chinese character, “Test Configuration” failed.

    I checked the class of JwtIDToken.class, and found it uses a Standard Base64 decoder rather than a URLBase64 decoder. I guess this might be the root cause of my failure. Could you please help feedback ?

    public JwtIDToken(String token) throws JSONException {
    String[] arr = StringUtils.split(token, “.”);
    this.encodedHeader = arr[0];
    this.payload = arr[1];
    this.signature = arr[2];
    Decoder base64Decoder = Base64.getDecoder();
    this.header = new String(base64Decoder.decode(arr[0]));
    this.payload = new String(base64Decoder.decode(arr[1]));
    }

    shradha
    Participant
    # 3 months, 4 weeks ago

    Hi Westwin,

    Thanks for pointing out the issue.
    This could be because of using the Standard Base64 Decoder class.

    We are trying to reproduce the issue on our end.

    Could you please attach plugin logs at atlassiansupport@xecurify.com?
    This will help us to check the id_token response and parse it in the plugin.

    Steps to fetch logs are provided under the Troubleshooting section.

    Looking forward to hearing from you.

    Thanks,
    Shradha

    westwin
    # 3 months, 3 weeks ago

    see below log, I didn’t send you the ID Token(sensitive claim), the name claim is Chinese character.

    2019-08-19 02:07:58,188 http-nio-8080-exec-17 DEBUG anonymous 127x237x1 h8cj3d 172.17.0.1 /plugins/servlet/oauth/callback [c.m.oauth.utils.MoOAuthUtils] Deserializing Public Key
    2019-08-19 02:07:58,189 http-nio-8080-exec-17 DEBUG anonymous 127x237x1 h8cj3d 172.17.0.1 /plugins/servlet/oauth/callback [c.m.o.jira.servlet.MoOAuthCallbackServlet] isSignatureValid : true
    2019-08-19 02:07:58,189 http-nio-8080-exec-17 DEBUG anonymous 127x237x1 h8cj3d 172.17.0.1 /plugins/servlet/oauth/callback [c.m.o.jira.servlet.MoOAuthCallbackServlet] Check if access token is empty
    2019-08-19 02:07:58,189 http-nio-8080-exec-17 DEBUG anonymous 127x237x1 h8cj3d 172.17.0.1 /plugins/servlet/oauth/callback [c.m.o.jira.action.MoOpenIdAction] ID Token = …………..

    shradha
    Participant
    # 3 months, 3 weeks ago

    Hi Westwin,

    Thanks for sharing logs.
    I am not able to see the name claim attribute in the logs.

    We tried to reproduce the issue on our end but no luck.

    Could you please decode your id_token and attach response here?
    (Looking for mainly name claim attribute, email attribute in the response.)

    If possible we can also set up a quick call and help you solve the issue.

    Thanks,
    Shradha

Viewing 4 posts - 1 through 4 (of 4 total)

Reply