joomla / joomla-cms

Home of the Joomla! Content Management System
https://www.joomla.org
GNU General Public License v2.0

OAuth2Client authentication fails if content type in http header is lower case #38887

Open Elfangor93 opened 1 year ago

Elfangor93 commented 1 year ago

Steps to reproduce the issue

Expected result

If the OAuth credentials are correct (redirecturi, clientid, clientsecret, ...) we should see two successful responses from the OAuth server. Firstly we get the token and secondly we get json data based on the requested scope.

Actual result

When the second response comes back from the OAuth server, a PHP notice is thrown and the authentication fails: Notice: Undefined index: Content-Type in path/to/joomla/libraries/joomla/oauth2/client.php on line 85

System information (as much as possible)

Additional comments

The code line throwing the PHP notice looks as follows: if (strpos($response->headers['Content-Type'], 'application/json') === 0)

The code tries to access the value in the array ($response->headers) with key 'Content-Type' and thereby checks whether the content type in the response header is set to 'application/json'. But since the keys in HTTP responses are case insensitive, the key could also be 'content-type' instead of 'Content-Type'. In that case the PHP notice is thrown and the authentication fails.

The code should check the content type of the OAuth response in a case-insensitive manner, such that authentication does not fail when the content type key is returned in lower case.

Problem still exists in newest Joomla version (4.2.3)...
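Added example (not from the issue and not Joomla's own code): the exact-key lookup quoted above next to a lookup that normalises header names, run against two constructed responses. The FakeResponse class is an assumed stand-in for the $response object used in libraries/joomla/oauth2/client.php.

```php
<?php
// Added example, not Joomla's code. FakeResponse is a constructed stand-in
// for the $response object whose headers array the OAuth2 client inspects.
final class FakeResponse
{
    /** @var array<string, string|string[]> */
    public $headers;
    /** @var string */
    public $body;

    public function __construct(array $headers, string $body)
    {
        $this->headers = $headers;
        $this->body    = $body;
    }
}

// The check as quoted in the issue: an exact lookup by 'Content-Type'.
// When the server sends 'content-type' the index is undefined, PHP emits
// the notice from the report and the comparison fails.
function isJsonExactKey(FakeResponse $response): bool
{
    return strpos($response->headers['Content-Type'], 'application/json') === 0;
}

// Case-insensitive lookup: HTTP field names are case-insensitive (RFC 7230,
// section 3.2), so compare lower-cased names instead of raw array keys.
function getHeader(array $headers, string $name): ?string
{
    $wanted = strtolower($name);
    foreach ($headers as $key => $value) {
        if (strtolower((string) $key) === $wanted) {
            // Some HTTP clients store a list of values per header name.
            return is_array($value) ? (string) reset($value) : (string) $value;
        }
    }
    return null;
}

function isJsonAnyCase(FakeResponse $response): bool
{
    $contentType = getHeader($response->headers, 'Content-Type');
    // Compare the media type only, ignoring parameters such as "; charset=utf-8".
    return $contentType !== null
        && strtolower(trim(explode(';', $contentType)[0])) === 'application/json';
}

// Constructed responses: one server capitalises the header name, one does not.
$capitalised = new FakeResponse(['Content-Type' => 'application/json'], '{"scope":"email"}');
$lowercase   = new FakeResponse(['content-type' => 'application/json; charset=utf-8'], '{"scope":"email"}');

var_dump(isJsonExactKey($capitalised), isJsonExactKey($lowercase)); // second call emits the notice
var_dump(isJsonAnyCase($capitalised), isJsonAnyCase($lowercase));   // both recognised as JSON
```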

Elfangor93 commented 1 year ago

Issue also available in the corresponding framework package: https://github.com/joomla-framework/oauth2/issues/19

sergeytolkachyov commented 1 year ago

@Elfangor93 can you help me with the Joomla OAuth2 class? I don't understand how to use it. The function authenticate needs a code parameter in Input (Joomla\Input\Input), but when is this function fired? I need to authorize in a 3rd-party API via OAuth2 and send some data into it. Does the Joomla OAuth2 class help me with this task?