ory / hydra-client-java

Apache License 2.0

Cannot deserialize API response #19

Closed gatesn closed 5 months ago

gatesn commented 1 year ago

Describe the bug

I get an error in the Java client when deserializing a response from the server:

Caused by: java.lang.IllegalArgumentException: Expected the field `grant_types` to be an array in the JSON string but got `null`

Reproducing the bug

Making a call to OAuth2Api#createOAuth2Client

Relevant log output

No response

Relevant configuration

No response

Version

2.1.1

On which operating system are you observing this issue?

macOS

In which environment are you deploying?

Binary

Additional Context

The issue is that the OAuth2Api incorrectly checks for null values:

      // ensure the optional json data is an array if present
      if (jsonObj.get("grant_types") != null && !jsonObj.get("grant_types").isJsonArray()) {
        throw new IllegalArgumentException(String.format("Expected the field `grant_types` to be an array in the JSON string but got `%s`", jsonObj.get("grant_types").toString()));
      }

Instead, it should be:

      // ensure the optional json data is an array if present
      // (get() returns Java null when the key is absent, and a JsonNull element when the value is an explicit null)
      if (jsonObj.get("grant_types") != null && !jsonObj.get("grant_types").isJsonNull() && !jsonObj.get("grant_types").isJsonArray()) {
        throw new IllegalArgumentException(String.format("Expected the field `grant_types` to be an array in the JSON string but got `%s`", jsonObj.get("grant_types").toString()));
      }

gatesn commented 1 year ago

Looks like it's fixed upstream here: https://github.com/OpenAPITools/openapi-generator/issues/13548

vmuth85 commented 10 months ago

I've got the same issue with the hydra-client-v2.2.0-rc.3. I cannot perform the Authorization Code Flow without setting the 'audience' request parameter. The response of

GET https://www.ory.sh/admin/oauth2/auth/requests/login?challenge=uJQp89szo......GcAez4qV0-V_

looks as follows:

      "challenge": "uJQp89szo......GcAez4qV0-V_",
      "requested_scope": [ "offline_access", "openid" ],
      "requested_access_token_audience": null,
      "skip": true,
      "subject": "user",
      "oidc_context": {},
      ...

As you can see, the 'requested_access_token_audience' attribute is null, but the OAuth2LoginRequest.validateJsonObject method doesn't check properly for null values and throws a java.lang.IllegalArgumentException ("Expected the field requested_access_token_audience to be an array in the JSON string but got null").

The current code

      // ensure the required json array is present
      else if (!jsonObj.get("requested_access_token_audience").isJsonArray()) {
        throw new IllegalArgumentException(String.format("Expected the field `requested_access_token_audience` to be an array in the JSON string but got `%s`", jsonObj.get("requested_access_token_audience").toString()));
      }

has to be changed as follows:

      // ensure the required json array is present
      else if (!jsonObj.get("requested_access_token_audience").isJsonNull() && !jsonObj.get("requested_access_token_audience").isJsonArray()) {
        throw new IllegalArgumentException(String.format("Expected the field `requested_access_token_audience` to be an array in the JSON string but got `%s`", jsonObj.get("requested_access_token_audience").toString()));
      }

alnr commented 5 months ago

This same issue was reported for the Rust client in the Community Slack.

aeneasr commented 5 months ago

This is fixed now

MalteBellmann commented 5 months ago

For me this is not fixed with server and client versions at 2.2.0. I still get the IllegalArgumentException when I call createOAuth2Client. In my case the problematic fields are contacts, redirectUris and responseTypes.

The underlying bug in openapi-generator was fixed in version 7.0.0 (https://github.com/OpenAPITools/openapi-generator/pull/16213 / https://github.com/OpenAPITools/openapi-generator/issues/16212). Currently ory/sdk is at 6.2.1 for Java. The latest version is 7.3.0, here is a PR that updates the java generator to this version: https://github.com/ory/sdk/pull/332
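
An added example, not part of the thread or of the generated SDK: Gson's `JsonObject.get` returns Java `null` for an absent key but a `JsonNull` element for an explicit `null`, which is why the `!= null` check quoted above lets `null` reach the array test. The helper `requireArrayOrNull`, the class name and the sample bodies are hypothetical; accepting an explicit `null` for a required field is an assumption that mirrors the change proposed in the thread. It needs Gson 2.8.6 or later on the classpath.

```java
import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;

// Added illustration; not code from ory/hydra-client-java or openapi-generator.
public class NullableArrayCheck {

    /**
     * Hypothetical helper: accepts a JSON array or an explicit null.
     * An absent key is accepted only when the field is not required.
     * Anything else (string, number, object) is still rejected.
     */
    static void requireArrayOrNull(JsonObject obj, String field, boolean required) {
        JsonElement el = obj.get(field); // Java null only when the key is absent
        if (el == null) {
            if (required) {
                throw new IllegalArgumentException("Missing required field `" + field + "`");
            }
            return;
        }
        if (el.isJsonNull() || el.isJsonArray()) { // explicit null is a JsonNull instance
            return;
        }
        throw new IllegalArgumentException(String.format(
            "Expected the field `%s` to be an array in the JSON string but got `%s`", field, el));
    }

    public static void main(String[] args) {
        // Constructed sample bodies modelled on the responses described in the thread.
        String[] samples = {
            "{\"grant_types\": null}",
            "{\"grant_types\": [\"authorization_code\"]}",
            "{}",
            "{\"grant_types\": \"authorization_code\"}"
        };
        for (String body : samples) {
            JsonObject obj = JsonParser.parseString(body).getAsJsonObject();
            try {
                requireArrayOrNull(obj, "grant_types", false);
                System.out.println("accepted: " + body);
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + body + " -> " + e.getMessage());
            }
        }
    }
}
```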