fix:(jans-config) getting error while create openid client #2946

Closed
manojs1978 opened this issue Nov 9, 2022 · 18 comments · Fixed by #3064

@manojs1978
Contributor

Describe the bug
Getting an error while creating an OpenID client

To Reproduce
Steps to reproduce the behavior:

  1. download schema: /opt/jans/jans-cli/config-cli.py --operation-id post-oauth-openid-clients --data /tmp/Client.json
  2. modify Client.json, add:
     "customAttributes": null,
     "customObjectClasses": null,
  3. run:
     /opt/jans/jans-cli/config-cli.py --operation-id post-oauth-openid-clients --data /tmp/Client.json
  4. See error

Expected behavior
Should be able to create an OpenID client

Desktop (please complete the following information):

  • OS: Ubuntu
  • Version 20.0
  • DB openDJ

Additional context
openidlog.zip

@manojs1978 manojs1978 added kind-bug Issue or PR is a bug in existing functionality comp-jans-config-api Component affected by issue or PR labels Nov 9, 2022
@manojs1978
Contributor Author

Client.json.txt

@yurem
Contributor

yurem commented Nov 9, 2022

You need to update your client.json

  "clientName": {
    "values": null,
    "value": null,
    "languageTags": []
  },
  "logoUri": {
    "values": null,
    "value": null,
    "languageTags": []
  },
  "clientUri": {
    "values": null,
    "value": null,
    "languageTags": []
  },
  "policyUri": {
    "values": null,
    "value": null,
    "languageTags": []
  },
  "tosUri": {
    "values": null,
    "value": null,
    "languageTags": []
  },

Now we store the clientName/logoUri/clientUri/policyUri/tosUri values as before, as plain text values,
while for localized values we added additional attributes where we store the values in JSON.

The localized attributes have the same names + Localized at the end.

@pujavs
Contributor

pujavs commented Nov 18, 2022

@manojs1978 were you able to test the fix?

@pujavs
Contributor

pujavs commented Nov 18, 2022

Assigning to @qbert2k for inputs.
@qbert2k, we are not able to pass LocalizedString in JSON; it gives an error. If we pass it as an empty string, it gives no error.
Can you please share how LocalizedString can be passed?
Details:
DBType: LDAP

Error: com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot deserialize value of type `java.lang.String` from Object value (token `JsonToken.START_OBJECT`) at [Source: (org.eclipse.jetty.server.HttpInput); line: 25, column: 23] (through reference chain: io.jans.as.common.model.registration.Client["logoUriLocalized"])

Json:

{
  "dn": null,
  "expirationDate": null,
  "deletable": true,
  "clientSecret": "password",
  "frontChannelLogoutUri": null,
  "frontChannelLogoutSessionRequired": true,
  "registrationAccessToken": null,
  "clientIdIssuedAt": null,
  "clientSecretExpiresAt": null,
  "redirectUris": ["http://myserver.com"],
  "claimRedirectUris": [],
  "responseTypes": [],
  "grantTypes": [],
  "applicationType": "native",
  "contacts": [],
  "idTokenTokenBindingCnf": null,
  "clientName": "Puja_Test_1",
  "logoUri": null,
  "clientUri": null,
  "policyUri": null,
  "tosUri": null,
  "clientNameLocalized": "",
  "logoUriLocalized": {  },
  "clientUriLocalized": {  },
  "policyUriLocalized": {  },
  "tosUriLocalized": {
    "values": null,
    "value": null,
    "languageTags": []
  },
  "jwksUri": null,
  "jwks": null,
  "sectorIdentifierUri": null,
  "subjectType": "public",
  "idTokenSignedResponseAlg": null,
  "idTokenEncryptedResponseAlg": null,
  "idTokenEncryptedResponseEnc": null,
  "userInfoSignedResponseAlg": null,
  "userInfoEncryptedResponseAlg": null,
  "userInfoEncryptedResponseEnc": null,
  "requestObjectSigningAlg": null,
  "requestObjectEncryptionAlg": null,
  "requestObjectEncryptionEnc": null,
  "tokenEndpointAuthMethod": null,
  "tokenEndpointAuthSigningAlg": null,
  "defaultMaxAge": null,
  "defaultAcrValues": [],
  "initiateLoginUri": null,
  "postLogoutRedirectUris": [],
  "requestUris": [],
  "scopes": [],
  "claims": [],
  "trustedClient": true,
  "lastAccessTime": null,
  "lastLogonTime": null,
  "persistClientAuthorizations": true,
  "includeClaimsInIdToken": true,
  "refreshTokenLifetime": null,
  "accessTokenLifetime": null,
  "customAttributes":null,
  "customObjectClasses": null,
  "rptAsJwt": true,
  "accessTokenAsJwt": false,
  "accessTokenSigningAlg": null,
  "disabled": true,
  "authorizedOrigins": [],
  "softwareId": null,
  "softwareVersion": null,
  "softwareStatement": null,
  "attributes": {
    "tlsClientAuthSubjectDn": null,
    "runIntrospectionScriptBeforeJwtCreation": true,
    "keepClientAuthorizationAfterExpiration": false,
    "allowSpontaneousScopes": true,
    "spontaneousScopes": [],
    "spontaneousScopeScriptDns": [],
    "updateTokenScriptDns": [],
    "backchannelLogoutUri": [],
    "backchannelLogoutSessionRequired": true,
    "additionalAudience": [],
    "postAuthnScripts": [],
    "consentGatheringScripts": [],
    "introspectionScripts": [],
    "rptClaimsScripts": [],
    "ropcScripts": [],
    "parLifetime": null,
    "requirePar": false,
    "jansAuthSignedRespAlg": null,
    "jansAuthEncRespAlg": null,
    "jansAuthEncRespEnc": null,
    "jansSubAttr": null,
    "redirectUrisRegex": null,
    "jansAuthorizedAcr": [],
    "jansDefaultPromptLogin": false,
    "idTokenLifetime": null
  },
  "backchannelTokenDeliveryMode": "poll",
  "backchannelClientNotificationEndpoint": null,
  "backchannelAuthenticationRequestSigningAlg": "ES384",
  "backchannelUserCodeParameter": false,
  "description": null,
  "organization": null,
  "groups": [],
  "ttl": null,
  "displayName": null,
  "tokenBindingSupported": true,
  "authenticationMethod": "self_signed_tls_client_auth",
  "baseDn": null,
  "inum": null
}

@qbert2k
Contributor

qbert2k commented Nov 21, 2022

Hi @pujavs

I can see the problem is deserializing the Localized String in Client class:

I can suggest using a ClientDto instead and a mapper.

@qbert2k
Contributor

qbert2k commented Nov 21, 2022

Why jans-config-api-server is not consuming the dynamic client registration endpoint from jans-auth-server?

@pujavs
Contributor

pujavs commented Nov 22, 2022

@qbert2k,
1. Client class: config-api has been using Client.class since the beginning and it was working without any issue.
Which I understand you were aware of, because when the LocalizedString changes happened and related issues started cropping up and being reported, you were assigned these issues.

Request you to please rectify the issue in https://github.com/JanssenProject/jans/blob/main/jans-auth-server/common/src/main/java/io/jans/as/common/model/registration/Client.java rather than introducing another DTO and Mapper?

2. Why jans-config-api-server is not consuming the dynamic client registration endpoint from jans-auth-server?
With regard to directly using the client registration endpoint, it was decided that config-api should have direct access to ensure full control.
AS register API might restrict some fields and feature it in future.

cc @yuriyz for suggestion and advice for both points

@qbert2k
Contributor

qbert2k commented Nov 22, 2022

  1. The way LocalizedString is being persisted was changed as requested. Let me explain in more detail why I think we need to introduce a DTO and mapper:

     {
     // ...
     "client_name": "My Example",
     "client_name#ja-Jpan-JP":  "クライアント名"
     // ...
     }

     As we can see in the example, the format of the param is special and cannot be deserialized directly, that's why I am proposing to use another mechanism. So instead of trying to receive a Client object directly at the rest controller level, I suggest using a DTO and mapping the values to the Client object.
  2. I was just curious about why not use Dynamic Client Registration because it could be another option to solve the problem.
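
The mapping step described in the comment above, sketched as an added example that is not part of the original thread or the project's code: it folds `client_name` and `client_name#<tag>` members into a map keyed by language tag and back. Storing the untagged member under the empty key follows the sample JSON posted later in this thread; the function names, the case-insensitive duplicate check and the redirect URI are assumptions.

```python
def fold_claim(flat, claim):
    """Fold `claim` and `claim#<tag>` members of a flat JSON object into
    {"values": {tag: text}}; the untagged member is stored under ""."""
    values, seen = {}, {}
    for key, text in flat.items():
        base, _, tag = key.partition("#")
        if base != claim:
            continue  # unrelated member, left for the normal field mapping
        folded = tag.lower()  # language tags compare case-insensitively
        if folded in seen:
            raise ValueError(f"{key!r} repeats the language tag of {seen[folded]!r}")
        seen[folded] = key
        values[tag] = text
    return {"values": values}


def unfold_claim(claim, localized):
    """Inverse of fold_claim: expand a values map back into flat members."""
    return {
        (f"{claim}#{tag}" if tag else claim): text
        for tag, text in localized["values"].items()
    }


# Constructed input based on the fragment quoted in the comment above.
FLAT = {
    "client_name": "My Example",
    "client_name#ja-Jpan-JP": "クライアント名",
    "redirect_uris": ["https://client.example/cb"],
}
```
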

@pujavs
Contributor

pujavs commented Nov 23, 2022

@qbert2k, we need to close the LocalizedString issue; the issues reported with regard to it are still open and consume a lot of time and effort to keep analysing and reporting to the user that it is a LocalizedString issue and WIP.

Following are my queries:

  1. I am also just as curious whether the DTO and mapper would have resolved the issue long back, rather than waiting for changes to the Client.class.
    Was this possible earlier when the issue was first reported?

  2. Are you suggesting the config-api endpoints do not take attributes of LocalizedString type at all in the payload? That means that the new DTO will not have any attribute of LocalizedString type and hence they will never be part of the request and response for config-api OpenID Client endpoints...
    Is this a confirmed requirement?
    I would rather have a solution wherein config-api uses the Client object in request and response rather than restricting something due to a deserializing issue.
    Also, if we introduce a DTO, how do you suggest keeping it always in sync with changes in Client.class?
    Thus I think it's best that we resolve the problem of deserializing the Localized String in the Client class.
    Request you to please have a look.

  3. Once you fix the issue, request you to please share a sample JSON showing how to pass these in the request. I have tried the following
    and nothing works...
    3.1 "clientNameLocalized": { }
    3.2 "clientNameLocalized": { "value": "My_name" }
    3.3 "clientNameLocalized": { "value": "My_name", "values":{ "Client name 1": "Locale.UK", "Client name 2":"Locale.CANADA" } }

@yuriyz
Contributor

yuriyz commented Nov 23, 2022

@qbert2k @pujavs jans-config-api has access to internal AS structure which is not exposed outside by AS via the dynamic registration endpoint. The reason is that jans-config-api must have the ability to change any data (e.g. client secret or expiration). We of course can solve the Client serialization/deserialization problem by introducing a DTO and mapping, but it introduces another point of maintenance in the code and as a result another point of failure.

I'm going to investigate and fix the deserialization problem.

Error: com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot deserialize value of type `java.lang.String` from Object value (token `JsonToken.START_OBJECT`) at [Source: (org.eclipse.jetty.server.HttpInput); line: 25, column: 23] (through reference chain: io.jans.as.common.model.registration.Client["logoUriLocalized"])

yuriyz added a commit that referenced this issue Nov 23, 2022
…sue #2946 (#3064)

* fix:(jans-auth-server): fixed Client serialization/deserialization bug #2946

* fix:(jans-auth-server): fixed Client serialization/deserialization bug #2946
@yuriyz
Contributor

yuriyz commented Nov 23, 2022

Fixed serialization and deserialization in #3064

Look to ClientSerializationTest.java for sample.

Sample json used by test

{
  "frontChannelLogoutSessionRequired" : false,
  "grantTypes" : [ ],
  "applicationType" : "web",
  "clientName" : "myLocalized",
  "clientNameLocalized" : {
    "values" : {
      "" : "myLocalized",
      "en-CA" : "myLocalized_canada",
      "fr-CA" : "myLocalized_canadaFR"
    }
  },
  "logoUriLocalized" : {
    "values" : { }
  },
  "clientUriLocalized" : {
    "values" : { }
  },
  "policyUriLocalized" : {
    "values" : { }
  },
  "tosUriLocalized" : {
    "values" : { }
  },
  "subjectType" : "public",
  "trustedClient" : false,
  "persistClientAuthorizations" : false,
  "includeClaimsInIdToken" : false,
  "customAttributes" : [ ],
  "rptAsJwt" : false,
  "accessTokenAsJwt" : false,
  "disabled" : false,
  "attributes" : {
    "tlsClientAuthSubjectDn" : null,
    "runIntrospectionScriptBeforeJwtCreation" : false,
    "keepClientAuthorizationAfterExpiration" : false,
    "allowSpontaneousScopes" : false,
    "spontaneousScopes" : [ ],
    "spontaneousScopeScriptDns" : [ ],
    "updateTokenScriptDns" : [ ],
    "backchannelLogoutUri" : [ ],
    "backchannelLogoutSessionRequired" : false,
    "additionalAudience" : [ ],
    "postAuthnScripts" : [ ],
    "consentGatheringScripts" : [ ],
    "introspectionScripts" : [ ],
    "rptClaimsScripts" : [ ],
    "ropcScripts" : [ ],
    "parLifetime" : 600,
    "requirePar" : false,
    "jansAuthSignedRespAlg" : null,
    "jansAuthEncRespAlg" : null,
    "jansAuthEncRespEnc" : null,
    "jansSubAttr" : null,
    "redirectUrisRegex" : null,
    "jansAuthorizedAcr" : [ ],
    "jansDefaultPromptLogin" : false,
    "idTokenLifetime" : null,
    "allowOfflineAccessWithoutConsent" : null
  }
}

@pujavs Re-opening ticket for validation. Please try with newest AS and confirm it works.

@yuriyz yuriyz reopened this Nov 23, 2022
@pujavs
Contributor

pujavs commented Nov 24, 2022

Confirmed the fix is working, @yuriyz thank you
Testing: tested with JSON shared by @yuriyz as well as others

@pujavs
Contributor

pujavs commented Nov 29, 2022

@manojs1978 to test and confirm

@manojs1978
Contributor Author

checking

@manojs1978
Contributor Author

Hi @pujavs,
please check the error below, getting it while running the post method:

/opt/jans/jans-cli/config-cli.py --operation-id post-oauth-openid-client --data /tmp/client.json

com.fasterxml.jackson.databind.exc.InvalidFormatException: Cannot deserialize value of type `java.util.Date` from String "string": not a valid representation (error: Failed to parse Date value 'string': Unparseable date: "string") at [Source: (org.eclipse.jetty.server.HttpInput); line: 1, column: 36] (through reference chain: io.jans.as.common.model.registration.Client["expirationDate"])
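
A pre-flight check for client.json covering both deserialization errors reported in this thread (the `*Localized` shape and the `"string"` value under `expirationDate`), as an added example that is not part of the original thread or the project's code. It compares the payload with the shape of the sample JSON posted after the fix; whether the server also accepts other shapes is not stated here, and the function names and the loose language-tag pattern are assumptions.

```python
import json
import re

# Field names and shapes are taken from the JSON posted in this thread.
BASE_FIELDS = ("clientName", "logoUri", "clientUri", "policyUri", "tosUri")
# Loose language-tag shape (assumption): enough to catch swapped key/value maps.
LANG_TAG = re.compile(r"[A-Za-z]{2,8}(-[A-Za-z0-9]{1,8})*")


def find_placeholders(node, path=""):
    """Yield paths whose value is still the schema placeholder "string"."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from find_placeholders(value, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from find_placeholders(value, f"{path}[{i}]")
    elif node == "string":
        yield path


def check_client_payload(doc):
    """Return sorted (field, problem) findings; an empty list means none."""
    findings = [(p, "unfilled schema placeholder") for p in find_placeholders(doc)]
    for name in BASE_FIELDS:
        if not isinstance(doc.get(name), (str, type(None))):
            findings.append((name, "expected plain string or null"))
        loc = doc.get(name + "Localized")
        if loc is None:
            continue  # absent or null: the thread does not say, so not judged
        values = loc.get("values") if isinstance(loc, dict) else None
        if not isinstance(values, dict):
            findings.append((name + "Localized", 'expected {"values": {tag: text}}'))
            continue
        for tag, text in values.items():
            if (tag and not LANG_TAG.fullmatch(tag)) or not isinstance(text, str):
                findings.append((name + "Localized", f"entry {tag!r} is not tag: text"))
    return sorted(findings)


# Constructed sample mixing the broken shapes reported in the thread.
BAD = json.loads("""{
  "expirationDate": "string",
  "clientName": {"values": null, "value": null, "languageTags": []},
  "clientNameLocalized": "",
  "logoUriLocalized": {},
  "tosUriLocalized": {"values": {"Client name 1": "Locale.UK"}}
}""")
```

Calling `check_client_payload(json.load(open("/tmp/client.json")))` before the `config-cli.py` POST reports each offending field by name.
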

@pujavs
Contributor

pujavs commented Jan 13, 2023

@manojs1978 I am not getting this error; request you to please re-test and post the exact request JSON in case of error, or else close the issue

@pujavs
Contributor

pujavs commented Feb 7, 2023

assigning to @manojs1978 for testing and closure

@moabu moabu modified the milestones: 1.0.7, 1.0.9 Mar 1, 2023
@moabu moabu modified the milestones: 1.0.9, 1.0.10 Mar 9, 2023
@manojs1978
Contributor Author

with modified client.json able to create OpenID client using API
