
Incorrect Error Mapping for OAuth2 Hybrid Flow Configuration Errors #22204

Open

aaujayasena opened this issue Jan 8, 2025 · 1 comment

aaujayasena commented Jan 8, 2025

Description

When an OAuth2 request is made with a response type that is not configured for the hybrid flow in the application, the error page displays a generic "Something went wrong" message instead of a meaningful error message.

https://localhost:9443/authenticationendpoint/oauth2_error.do?oauthErrorCode=invalid_client&oauthErrorMsg=Requested+response+type+code+token+is+not+configured+for+the+hybrid+flow+for+the+application.&crId=4bb1cfcb-25dd-4027-8eb1-13bf92ceffeb&spId=21785579-2969-49d3-8652-24176e5b1d2c
[Screenshot from 2025-01-07 15-11-44]

Steps to Reproduce

1. Configure an application in IS with a response type "code id_token".
2. Attempt to authenticate using a different response type combination such as "code token".
   Request:
   https://localhost:9443/oauth2/authorize?response_type=code token&client_id=QsBUsTh7yw2wDT4YATkMU4B0OgAa&nonce=ndb&redirect_uri=https://oidcdebugger.com/debug&scope=openid
3. Observe the error page.
4. Note that the page does not display a clear error message related to the response type configuration issue.

Version

IS 7.1.0-m6

Environment Details (with versions)

DB : Postgres
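A minimal model of the validation and error-mapping step described above, added here as an illustration and not code from WSO2 IS: response types are compared as sets, a response type the application is not configured for yields the RFC 6749 authorization-endpoint code unsupported_response_type, and the error page only carries text for that endpoint's codes, so a code such as invalid_client (which RFC 6749 defines for the token endpoint) falls through to the generic message. The application object, message texts and function names are constructed for this example.

```python
from dataclasses import dataclass, field

# Error codes an authorization endpoint may return (RFC 6749 section 4.1.2.1),
# mapped to user-facing text. The texts are constructed for this illustration.
ERROR_MESSAGES = {
    "invalid_request": "The authorization request is missing a required parameter.",
    "unauthorized_client": "This application is not allowed to use the requested flow.",
    "unsupported_response_type": "The requested response type is not enabled for this application.",
    "invalid_scope": "The requested scope is invalid or unknown.",
    "access_denied": "The request was denied.",
}
GENERIC_MESSAGE = "Something went wrong"


@dataclass
class Application:
    client_id: str
    # Each entry is one configured response type, as a set of its space-separated
    # values, e.g. {"code", "id_token"} for the hybrid flow "code id_token".
    allowed_response_types: list = field(default_factory=list)

    def allows(self, response_type: str) -> bool:
        # RFC 6749 section 3.1.1: the order of values in response_type is not
        # significant, so "id_token code" must match a configured "code id_token".
        requested = frozenset(response_type.split())
        return any(frozenset(rt) == requested for rt in self.allowed_response_types)


def validate_response_type(app: Application, response_type: str):
    """Return (error_code, error_description), or None when the request is acceptable."""
    if not response_type.split():
        return ("invalid_request", "The response_type parameter is missing.")
    if not app.allows(response_type):
        # A response type the application is not configured for is an
        # unsupported_response_type error, not an invalid_client error.
        return ("unsupported_response_type",
                f"Requested response type {response_type} is not configured for the application.")
    return None


def render_error(error_code: str) -> str:
    """Look up the user-facing text; unknown codes fall back to the generic message."""
    return ERROR_MESSAGES.get(error_code, GENERIC_MESSAGE)
```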
