GetWellKnownEndpointsFromIssuerURL in internal/oidc/oidc.go should probably check the HTTP response code before trying to de-serialize a response body #308

Open
6 tasks done
mdlam92 opened this issue Jan 29, 2025 · 0 comments
Labels
bug This issue reports a suspect bug or issue with the SDK itself

Comments


mdlam92 commented Jan 29, 2025

Checklist

  • I have looked into the README and have not found a suitable solution or answer.
  • I have looked into the documentation and have not found a suitable solution or answer.
  • I have searched the issues and have not found a suitable solution or answer.
  • I have upgraded to the latest version of this SDK and the issue still persists.
  • I have searched the Auth0 Community forums and have not found a suitable solution or answer.
  • I agree to the terms within the Auth0 Code of Conduct.

Description

If you've constructed your validator's issuer URL incorrectly and it tries to find your provider's openid-configuration at a bad location, a 404 makes its way to the JSON deserialize call and a really unhelpful error message bubbles its way up.

Reproduction

  1. given a bad issuer URL in validator.New
  2. when GetWellKnownEndpointsFromIssuerURL is eventually called
  3. then an unhelpful error is bubbled up because GetWellKnownEndpointsFromIssuerURL doesn't check the HTTP response code

Go JWT Middleware version

2.2.2

Go version

1.23.4

mdlam92 added the bug label Jan 29, 2025
mdlam92 changed the title from "GetWellKnownEndpointsFromIssuerURL in internal/oidc/oidc.go should probably check the HTTP response code before trying to de-serialize a response bo" to "GetWellKnownEndpointsFromIssuerURL in internal/oidc/oidc.go should probably check the HTTP response code before trying to de-serialize a response body" Jan 29, 2025
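
A sketch of the check the issue asks for, added here as an example and not taken from the SDK's code: the discovery fetch rejects any non-200 response before the JSON decoder sees the body, and the error names the URL and status. The names `fetchWellKnown`, `wellKnownEndpoints` and `newTestIssuer`, and the constructed local test server, are assumptions for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

// wellKnownEndpoints holds the one discovery field this sketch reads.
type wellKnownEndpoints struct{ JWKSURI string `json:"jwks_uri"` }

// fetchWellKnown (hypothetical name) checks the status code before decoding the body.
func fetchWellKnown(c *http.Client, issuer string) (*wellKnownEndpoints, error) {
	u := strings.TrimSuffix(issuer, "/") + "/.well-known/openid-configuration"
	resp, err := c.Get(u)
	if err != nil {
		return nil, fmt.Errorf("fetch %s: %w", u, err)
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		// Read only a bounded snippet of the error body for the message.
		snippet, _ := io.ReadAll(io.LimitReader(resp.Body, 256))
		return nil, fmt.Errorf("discovery at %s returned %s: %q", u, resp.Status, snippet)
	}
	var wk wellKnownEndpoints
	if err := json.NewDecoder(io.LimitReader(resp.Body, 1<<20)).Decode(&wk); err != nil {
		return nil, fmt.Errorf("decode discovery document from %s: %w", u, err)
	}
	return &wk, nil
}

// newTestIssuer is a constructed local provider: a document under /good, 404 elsewhere.
func newTestIssuer() *httptest.Server {
	mux := http.NewServeMux()
	mux.HandleFunc("/good/.well-known/openid-configuration", func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, `{"jwks_uri":"https://issuer.example/jwks.json"}`)
	})
	return httptest.NewServer(mux)
}

func main() {
	srv := newTestIssuer()
	defer srv.Close()
	_, err := fetchWellKnown(srv.Client(), srv.URL+"/typo/") // mistyped issuer path
	fmt.Println(err)
}
```

With the mistyped issuer path the caller sees the requested URL and `404 Not Found` in the error instead of a JSON syntax error.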