Remove use of Nimbus Oauth2 SDK's CommonContentTypes by Avery-Dunn · Pull Request #322 · AzureAD/microsoft-authentication-library-for-java

Avery-Dunn · 2020-11-30T23:20:30Z

Removes the use of a file in Nimbus's oauth2-oidc-sdk, which was deprecated and causing issues in environments which used newer versions of that dependency. However, to avoid causing issues in environments which use older versions of this dependency (i.e., ones that don't have the new version of the deprecated file), this PR just removes the file's references and replaces it with our own implementation, rather than upgrade to the latest version.

Should solve the issue in #316, and can replace this PR #311.

sangonzal

* Exception Improvements (#254) * Add null checks for MsalException error code references * Better exception handling for invalid tokens * Better exception handling for invalid tokens * Sync with changes to Azure-Samples/ms-identity-java-desktop (#259) * extra scopes for consent during authorizaion * typo * minor * HTTPClient default timeouts (#264) * Add default timeouts for DefaultHttpClient * Handle 'stay signed in' confirmation page in DeviceCodeIT tests * Small best-practices changes * append extra scopes as suffix * 1.6.2 release (#268) * fixing integ test * Tenant Profiles (#263) * Classes for tenant profile functionality * Implement tenant profile feature * Tests for tenant profile feature * Simplify tenant profile class structure * 1.6.2 release * Classes for tenant profile redesign * Tests for tenant profile redesign * Adjust sample cached ID tokens to have realistic headers * Redesign how Tenant Pofiles are added to Accounts * New error code for JWT parse exceptions * Add claims and tenant profiles fields to Account * Remove annotation excluding realm field from comparisons * Use more generic token * Remove ID token claims field from Account * Minor changes for clarity * Adjust tests for tenant profile design refactor * Refactor tenant profile structure * Minor fixes * Minor fixes * Minor fixes * Simplify tenant profile class Co-authored-by: SomkaPe <[email protected]> * Improve HTTP client timeouts (#275) * 1.6.2 release (#269) * 1.6.2 release * Make DefaultHttpClient timeouts settable * Refactor timeout names Co-authored-by: SomkaPe <[email protected]> * Bewaters certchain (#276) * Support for certificate chain * 1.7.0 release (#277) * Update DefaultHttpClient.java * Fixed parsing ClientInfo: on some accounts, the server response contained characters that are incorrect for Base64 encoding, but acceptable for Base64URL (#282) * sendX5c api (#285) * refactoring (#287) * refactoring * refactoring * refactoring * Add AcquireTokenSilent tests for B2C and ADFS2019, refactor duplicate code in tests (#293) * Add public constants for cloud endpoints (#298) * Add public constants for cloud endpoints * Add license header * Added javadocs * Removed unneeded test * Make IAccount serializable (#297) * Make IAccount objects serializable * Make AuthenticationResult objects not serializable * Add tenant profile/id claims to auth result (#300) * Add tenant profile/id claims to auth result * Minor fix * treat null password as default one - empty string (#304) * treat null password as default one - empty string * Support for refresh_in (#305) * Support for refresh_in * Tests for refresh_in * Add extra null check * Add test for refreshOn cache persistence * refresh on is optional field (#312) * refresh on optional field * 1.8.0 Release (#313) 1.8.0 release * Fix spelling mistake in Prompt.java * Remove use of Nimbus Oauth2 SDK's CommonContentTypes (#322) * Remove use of Nimbus Oauth2 SDK's CommonContentTypes * Add enum for HTTP content-type constants * Remove use of javax.mail.internet.ContentType * Support for claims request parameter (#315) * ClaimsRequest classes * Support for claims request parameter * Tests for claims request * Use Jackson library for JSON processing * Change access level of userinfo and access_token claims * Better merge tests * Remove ability to set claims in userinfo field * Refactor claims field naming * 1.8.1 release (#326) * Version number updates for 1.8.1 release * Minor rewording Co-authored-by: SomkaPe <[email protected]> Co-authored-by: Roman Nosachev <[email protected]> Co-authored-by: Santiago Gonzalez <[email protected]> Co-authored-by: Santiago Gonzalez <[email protected]>

davidkarlsen · 2020-12-14T10:48:46Z

Getting:

        ... 95 common frames omitted
Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.evry.fs.devtools.ad.AzureAdUserServiceImpl]: Factory method 'tietoAzureAdUserService' threw exception; nested exception is java.lang.NoSuchMethodError: 'net.minidev.json.JSONObject com.nimbusds.jwt.JWTClaimsSet.toJSONObject()'
        at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:185)
        at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:653)
        ... 109 common frames omitted
Caused by: java.lang.NoSuchMethodError: 'net.minidev.json.JSONObject com.nimbusds.jwt.JWTClaimsSet.toJSONObject()'
        at com.nimbusds.oauth2.sdk.auth.JWTAuthenticationClaimsSet.parse(JWTAuthenticationClaimsSet.java:166)
        at com.nimbusds.oauth2.sdk.auth.JWTAuthentication.<init>(JWTAuthentication.java:139)
        at com.nimbusds.oauth2.sdk.auth.PrivateKeyJWT.<init>(PrivateKeyJWT.java:251)
        at com.nimbusds.oauth2.sdk.auth.PrivateKeyJWT.parse(PrivateKeyJWT.java:286)
        at com.microsoft.aad.msal4j.ConfidentialClientApplication.createClientAuthFromClientAssertion(ConfidentialClientApplication.java:97)
        at com.microsoft.aad.msal4j.ConfidentialClientApplication.buildValidClientCertificateAuthority(ConfidentialClientApplication.java:89)
        at com.microsoft.aad.msal4j.ConfidentialClientApplication.initClientAuthentication(ConfidentialClientApplication.java:66)
        at com.microsoft.aad.msal4j.ConfidentialClientApplication.<init>(ConfidentialClientApplication.java:56)
        at com.microsoft.aad.msal4j.ConfidentialClientApplication.<init>(ConfidentialClientApplication.java:32)
        at com.microsoft.aad.msal4j.ConfidentialClientApplication$Builder.build(ConfidentialClientApplication.java:144)
        at com.evry.fs.devtools.ad.AzureAdUserServiceImpl.<init>(AzureAdUserServiceImpl.java:49)

with 1.8.1

* 1.8.1 release (#327) * Exception Improvements (#254) * Add null checks for MsalException error code references * Better exception handling for invalid tokens * Better exception handling for invalid tokens * Sync with changes to Azure-Samples/ms-identity-java-desktop (#259) * extra scopes for consent during authorizaion * typo * minor * HTTPClient default timeouts (#264) * Add default timeouts for DefaultHttpClient * Handle 'stay signed in' confirmation page in DeviceCodeIT tests * Small best-practices changes * append extra scopes as suffix * 1.6.2 release (#268) * fixing integ test * Tenant Profiles (#263) * Classes for tenant profile functionality * Implement tenant profile feature * Tests for tenant profile feature * Simplify tenant profile class structure * 1.6.2 release * Classes for tenant profile redesign * Tests for tenant profile redesign * Adjust sample cached ID tokens to have realistic headers * Redesign how Tenant Pofiles are added to Accounts * New error code for JWT parse exceptions * Add claims and tenant profiles fields to Account * Remove annotation excluding realm field from comparisons * Use more generic token * Remove ID token claims field from Account * Minor changes for clarity * Adjust tests for tenant profile design refactor * Refactor tenant profile structure * Minor fixes * Minor fixes * Minor fixes * Simplify tenant profile class Co-authored-by: SomkaPe <[email protected]> * Improve HTTP client timeouts (#275) * 1.6.2 release (#269) * 1.6.2 release * Make DefaultHttpClient timeouts settable * Refactor timeout names Co-authored-by: SomkaPe <[email protected]> * Bewaters certchain (#276) * Support for certificate chain * 1.7.0 release (#277) * Update DefaultHttpClient.java * Fixed parsing ClientInfo: on some accounts, the server response contained characters that are incorrect for Base64 encoding, but acceptable for Base64URL (#282) * sendX5c api (#285) * refactoring (#287) * refactoring * refactoring * refactoring * Add AcquireTokenSilent tests for B2C and ADFS2019, refactor duplicate code in tests (#293) * Add public constants for cloud endpoints (#298) * Add public constants for cloud endpoints * Add license header * Added javadocs * Removed unneeded test * Make IAccount serializable (#297) * Make IAccount objects serializable * Make AuthenticationResult objects not serializable * Add tenant profile/id claims to auth result (#300) * Add tenant profile/id claims to auth result * Minor fix * treat null password as default one - empty string (#304) * treat null password as default one - empty string * Support for refresh_in (#305) * Support for refresh_in * Tests for refresh_in * Add extra null check * Add test for refreshOn cache persistence * refresh on is optional field (#312) * refresh on optional field * 1.8.0 Release (#313) 1.8.0 release * Fix spelling mistake in Prompt.java * Remove use of Nimbus Oauth2 SDK's CommonContentTypes (#322) * Remove use of Nimbus Oauth2 SDK's CommonContentTypes * Add enum for HTTP content-type constants * Remove use of javax.mail.internet.ContentType * Support for claims request parameter (#315) * ClaimsRequest classes * Support for claims request parameter * Tests for claims request * Use Jackson library for JSON processing * Change access level of userinfo and access_token claims * Better merge tests * Remove ability to set claims in userinfo field * Refactor claims field naming * 1.8.1 release (#326) * Version number updates for 1.8.1 release * Minor rewording Co-authored-by: SomkaPe <[email protected]> Co-authored-by: Roman Nosachev <[email protected]> Co-authored-by: Santiago Gonzalez <[email protected]> Co-authored-by: Santiago Gonzalez <[email protected]> * Add check for empty String Co-authored-by: SomkaPe <[email protected]> Co-authored-by: Roman Nosachev <[email protected]> Co-authored-by: Santiago Gonzalez <[email protected]> Co-authored-by: Santiago Gonzalez <[email protected]>

* 1.8.1 release (#327) * Exception Improvements (#254) * Add null checks for MsalException error code references * Better exception handling for invalid tokens * Better exception handling for invalid tokens * Sync with changes to Azure-Samples/ms-identity-java-desktop (#259) * extra scopes for consent during authorizaion * typo * minor * HTTPClient default timeouts (#264) * Add default timeouts for DefaultHttpClient * Handle 'stay signed in' confirmation page in DeviceCodeIT tests * Small best-practices changes * append extra scopes as suffix * 1.6.2 release (#268) * fixing integ test * Tenant Profiles (#263) * Classes for tenant profile functionality * Implement tenant profile feature * Tests for tenant profile feature * Simplify tenant profile class structure * 1.6.2 release * Classes for tenant profile redesign * Tests for tenant profile redesign * Adjust sample cached ID tokens to have realistic headers * Redesign how Tenant Pofiles are added to Accounts * New error code for JWT parse exceptions * Add claims and tenant profiles fields to Account * Remove annotation excluding realm field from comparisons * Use more generic token * Remove ID token claims field from Account * Minor changes for clarity * Adjust tests for tenant profile design refactor * Refactor tenant profile structure * Minor fixes * Minor fixes * Minor fixes * Simplify tenant profile class Co-authored-by: SomkaPe <[email protected]> * Improve HTTP client timeouts (#275) * 1.6.2 release (#269) * 1.6.2 release * Make DefaultHttpClient timeouts settable * Refactor timeout names Co-authored-by: SomkaPe <[email protected]> * Bewaters certchain (#276) * Support for certificate chain * 1.7.0 release (#277) * Update DefaultHttpClient.java * Fixed parsing ClientInfo: on some accounts, the server response contained characters that are incorrect for Base64 encoding, but acceptable for Base64URL (#282) * sendX5c api (#285) * refactoring (#287) * refactoring * refactoring * refactoring * Add AcquireTokenSilent tests for B2C and ADFS2019, refactor duplicate code in tests (#293) * Add public constants for cloud endpoints (#298) * Add public constants for cloud endpoints * Add license header * Added javadocs * Removed unneeded test * Make IAccount serializable (#297) * Make IAccount objects serializable * Make AuthenticationResult objects not serializable * Add tenant profile/id claims to auth result (#300) * Add tenant profile/id claims to auth result * Minor fix * treat null password as default one - empty string (#304) * treat null password as default one - empty string * Support for refresh_in (#305) * Support for refresh_in * Tests for refresh_in * Add extra null check * Add test for refreshOn cache persistence * refresh on is optional field (#312) * refresh on optional field * 1.8.0 Release (#313) 1.8.0 release * Fix spelling mistake in Prompt.java * Remove use of Nimbus Oauth2 SDK's CommonContentTypes (#322) * Remove use of Nimbus Oauth2 SDK's CommonContentTypes * Add enum for HTTP content-type constants * Remove use of javax.mail.internet.ContentType * Support for claims request parameter (#315) * ClaimsRequest classes * Support for claims request parameter * Tests for claims request * Use Jackson library for JSON processing * Change access level of userinfo and access_token claims * Better merge tests * Remove ability to set claims in userinfo field * Refactor claims field naming * 1.8.1 release (#326) * Version number updates for 1.8.1 release * Minor rewording Co-authored-by: SomkaPe <[email protected]> Co-authored-by: Roman Nosachev <[email protected]> Co-authored-by: Santiago Gonzalez <[email protected]> Co-authored-by: Santiago Gonzalez <[email protected]> * Upgrade oauth2-oidc-sdk dependency version Co-authored-by: SomkaPe <[email protected]> Co-authored-by: Roman Nosachev <[email protected]> Co-authored-by: Santiago Gonzalez <[email protected]> Co-authored-by: Santiago Gonzalez <[email protected]>

* 1.8.1 release (#327) * Exception Improvements (#254) * Add null checks for MsalException error code references * Better exception handling for invalid tokens * Better exception handling for invalid tokens * Sync with changes to Azure-Samples/ms-identity-java-desktop (#259) * extra scopes for consent during authorizaion * typo * minor * HTTPClient default timeouts (#264) * Add default timeouts for DefaultHttpClient * Handle 'stay signed in' confirmation page in DeviceCodeIT tests * Small best-practices changes * append extra scopes as suffix * 1.6.2 release (#268) * fixing integ test * Tenant Profiles (#263) * Classes for tenant profile functionality * Implement tenant profile feature * Tests for tenant profile feature * Simplify tenant profile class structure * 1.6.2 release * Classes for tenant profile redesign * Tests for tenant profile redesign * Adjust sample cached ID tokens to have realistic headers * Redesign how Tenant Pofiles are added to Accounts * New error code for JWT parse exceptions * Add claims and tenant profiles fields to Account * Remove annotation excluding realm field from comparisons * Use more generic token * Remove ID token claims field from Account * Minor changes for clarity * Adjust tests for tenant profile design refactor * Refactor tenant profile structure * Minor fixes * Minor fixes * Minor fixes * Simplify tenant profile class Co-authored-by: SomkaPe <[email protected]> * Improve HTTP client timeouts (#275) * 1.6.2 release (#269) * 1.6.2 release * Make DefaultHttpClient timeouts settable * Refactor timeout names Co-authored-by: SomkaPe <[email protected]> * Bewaters certchain (#276) * Support for certificate chain * 1.7.0 release (#277) * Update DefaultHttpClient.java * Fixed parsing ClientInfo: on some accounts, the server response contained characters that are incorrect for Base64 encoding, but acceptable for Base64URL (#282) * sendX5c api (#285) * refactoring (#287) * refactoring * refactoring * refactoring * Add AcquireTokenSilent tests for B2C and ADFS2019, refactor duplicate code in tests (#293) * Add public constants for cloud endpoints (#298) * Add public constants for cloud endpoints * Add license header * Added javadocs * Removed unneeded test * Make IAccount serializable (#297) * Make IAccount objects serializable * Make AuthenticationResult objects not serializable * Add tenant profile/id claims to auth result (#300) * Add tenant profile/id claims to auth result * Minor fix * treat null password as default one - empty string (#304) * treat null password as default one - empty string * Support for refresh_in (#305) * Support for refresh_in * Tests for refresh_in * Add extra null check * Add test for refreshOn cache persistence * refresh on is optional field (#312) * refresh on optional field * 1.8.0 Release (#313) 1.8.0 release * Fix spelling mistake in Prompt.java * Remove use of Nimbus Oauth2 SDK's CommonContentTypes (#322) * Remove use of Nimbus Oauth2 SDK's CommonContentTypes * Add enum for HTTP content-type constants * Remove use of javax.mail.internet.ContentType * Support for claims request parameter (#315) * ClaimsRequest classes * Support for claims request parameter * Tests for claims request * Use Jackson library for JSON processing * Change access level of userinfo and access_token claims * Better merge tests * Remove ability to set claims in userinfo field * Refactor claims field naming * 1.8.1 release (#326) * Version number updates for 1.8.1 release * Minor rewording Co-authored-by: SomkaPe <[email protected]> Co-authored-by: Roman Nosachev <[email protected]> Co-authored-by: Santiago Gonzalez <[email protected]> Co-authored-by: Santiago Gonzalez <[email protected]> * Add helper method to create a ClaimsRequest from a string Co-authored-by: SomkaPe <[email protected]> Co-authored-by: Roman Nosachev <[email protected]> Co-authored-by: Santiago Gonzalez <[email protected]> Co-authored-by: Santiago Gonzalez <[email protected]>

* 1.8.1 release (#327) * Exception Improvements (#254) * Add null checks for MsalException error code references * Better exception handling for invalid tokens * Better exception handling for invalid tokens * Sync with changes to Azure-Samples/ms-identity-java-desktop (#259) * extra scopes for consent during authorizaion * typo * minor * HTTPClient default timeouts (#264) * Add default timeouts for DefaultHttpClient * Handle 'stay signed in' confirmation page in DeviceCodeIT tests * Small best-practices changes * append extra scopes as suffix * 1.6.2 release (#268) * fixing integ test * Tenant Profiles (#263) * Classes for tenant profile functionality * Implement tenant profile feature * Tests for tenant profile feature * Simplify tenant profile class structure * 1.6.2 release * Classes for tenant profile redesign * Tests for tenant profile redesign * Adjust sample cached ID tokens to have realistic headers * Redesign how Tenant Pofiles are added to Accounts * New error code for JWT parse exceptions * Add claims and tenant profiles fields to Account * Remove annotation excluding realm field from comparisons * Use more generic token * Remove ID token claims field from Account * Minor changes for clarity * Adjust tests for tenant profile design refactor * Refactor tenant profile structure * Minor fixes * Minor fixes * Minor fixes * Simplify tenant profile class Co-authored-by: SomkaPe <[email protected]> * Improve HTTP client timeouts (#275) * 1.6.2 release (#269) * 1.6.2 release * Make DefaultHttpClient timeouts settable * Refactor timeout names Co-authored-by: SomkaPe <[email protected]> * Bewaters certchain (#276) * Support for certificate chain * 1.7.0 release (#277) * Update DefaultHttpClient.java * Fixed parsing ClientInfo: on some accounts, the server response contained characters that are incorrect for Base64 encoding, but acceptable for Base64URL (#282) * sendX5c api (#285) * refactoring (#287) * refactoring * refactoring * refactoring * Add AcquireTokenSilent tests for B2C and ADFS2019, refactor duplicate code in tests (#293) * Add public constants for cloud endpoints (#298) * Add public constants for cloud endpoints * Add license header * Added javadocs * Removed unneeded test * Make IAccount serializable (#297) * Make IAccount objects serializable * Make AuthenticationResult objects not serializable * Add tenant profile/id claims to auth result (#300) * Add tenant profile/id claims to auth result * Minor fix * treat null password as default one - empty string (#304) * treat null password as default one - empty string * Support for refresh_in (#305) * Support for refresh_in * Tests for refresh_in * Add extra null check * Add test for refreshOn cache persistence * refresh on is optional field (#312) * refresh on optional field * 1.8.0 Release (#313) 1.8.0 release * Fix spelling mistake in Prompt.java * Remove use of Nimbus Oauth2 SDK's CommonContentTypes (#322) * Remove use of Nimbus Oauth2 SDK's CommonContentTypes * Add enum for HTTP content-type constants * Remove use of javax.mail.internet.ContentType * Support for claims request parameter (#315) * ClaimsRequest classes * Support for claims request parameter * Tests for claims request * Use Jackson library for JSON processing * Change access level of userinfo and access_token claims * Better merge tests * Remove ability to set claims in userinfo field * Refactor claims field naming * 1.8.1 release (#326) * Version number updates for 1.8.1 release * Minor rewording Co-authored-by: SomkaPe <[email protected]> Co-authored-by: Roman Nosachev <[email protected]> Co-authored-by: Santiago Gonzalez <[email protected]> Co-authored-by: Santiago Gonzalez <[email protected]> * Add helper method for creating ClaimsRequest from a string * Version number updates for 1.9.0 release Co-authored-by: SomkaPe <[email protected]> Co-authored-by: Roman Nosachev <[email protected]> Co-authored-by: Santiago Gonzalez <[email protected]> Co-authored-by: Santiago Gonzalez <[email protected]>

* Exception Improvements (#254) * Add null checks for MsalException error code references * Better exception handling for invalid tokens * Better exception handling for invalid tokens * Sync with changes to Azure-Samples/ms-identity-java-desktop (#259) * extra scopes for consent during authorizaion * typo * minor * HTTPClient default timeouts (#264) * Add default timeouts for DefaultHttpClient * Handle 'stay signed in' confirmation page in DeviceCodeIT tests * Small best-practices changes * append extra scopes as suffix * 1.6.2 release (#268) * fixing integ test * Tenant Profiles (#263) * Classes for tenant profile functionality * Implement tenant profile feature * Tests for tenant profile feature * Simplify tenant profile class structure * 1.6.2 release * Classes for tenant profile redesign * Tests for tenant profile redesign * Adjust sample cached ID tokens to have realistic headers * Redesign how Tenant Pofiles are added to Accounts * New error code for JWT parse exceptions * Add claims and tenant profiles fields to Account * Remove annotation excluding realm field from comparisons * Use more generic token * Remove ID token claims field from Account * Minor changes for clarity * Adjust tests for tenant profile design refactor * Refactor tenant profile structure * Minor fixes * Minor fixes * Minor fixes * Simplify tenant profile class Co-authored-by: SomkaPe <[email protected]> * Improve HTTP client timeouts (#275) * 1.6.2 release (#269) * 1.6.2 release * Make DefaultHttpClient timeouts settable * Refactor timeout names Co-authored-by: SomkaPe <[email protected]> * Bewaters certchain (#276) * Support for certificate chain * 1.7.0 release (#277) * Update DefaultHttpClient.java * Fixed parsing ClientInfo: on some accounts, the server response contained characters that are incorrect for Base64 encoding, but acceptable for Base64URL (#282) * sendX5c api (#285) * refactoring (#287) * refactoring * refactoring * refactoring * Add AcquireTokenSilent tests for B2C and ADFS2019, refactor duplicate code in tests (#293) * Add public constants for cloud endpoints (#298) * Add public constants for cloud endpoints * Add license header * Added javadocs * Removed unneeded test * Make IAccount serializable (#297) * Make IAccount objects serializable * Make AuthenticationResult objects not serializable * Add tenant profile/id claims to auth result (#300) * Add tenant profile/id claims to auth result * Minor fix * treat null password as default one - empty string (#304) * treat null password as default one - empty string * Support for refresh_in (#305) * Support for refresh_in * Tests for refresh_in * Add extra null check * Add test for refreshOn cache persistence * refresh on is optional field (#312) * refresh on optional field * 1.8.0 Release (#313) 1.8.0 release * Fix spelling mistake in Prompt.java * Remove use of Nimbus Oauth2 SDK's CommonContentTypes (#322) * Remove use of Nimbus Oauth2 SDK's CommonContentTypes * Add enum for HTTP content-type constants * Remove use of javax.mail.internet.ContentType * Support for claims request parameter (#315) * ClaimsRequest classes * Support for claims request parameter * Tests for claims request * Use Jackson library for JSON processing * Change access level of userinfo and access_token claims * Better merge tests * Remove ability to set claims in userinfo field * Refactor claims field naming * 1.8.1 release (#326) * Version number updates for 1.8.1 release * Minor rewording * Add missing check when creating tenant profile (#331) * 1.8.1 release (#327) * Exception Improvements (#254) * Add null checks for MsalException error code references * Better exception handling for invalid tokens * Better exception handling for invalid tokens * Sync with changes to Azure-Samples/ms-identity-java-desktop (#259) * extra scopes for consent during authorizaion * typo * minor * HTTPClient default timeouts (#264) * Add default timeouts for DefaultHttpClient * Handle 'stay signed in' confirmation page in DeviceCodeIT tests * Small best-practices changes * append extra scopes as suffix * 1.6.2 release (#268) * fixing integ test * Tenant Profiles (#263) * Classes for tenant profile functionality * Implement tenant profile feature * Tests for tenant profile feature * Simplify tenant profile class structure * 1.6.2 release * Classes for tenant profile redesign * Tests for tenant profile redesign * Adjust sample cached ID tokens to have realistic headers * Redesign how Tenant Pofiles are added to Accounts * New error code for JWT parse exceptions * Add claims and tenant profiles fields to Account * Remove annotation excluding realm field from comparisons * Use more generic token * Remove ID token claims field from Account * Minor changes for clarity * Adjust tests for tenant profile design refactor * Refactor tenant profile structure * Minor fixes * Minor fixes * Minor fixes * Simplify tenant profile class Co-authored-by: SomkaPe <[email protected]> * Improve HTTP client timeouts (#275) * 1.6.2 release (#269) * 1.6.2 release * Make DefaultHttpClient timeouts settable * Refactor timeout names Co-authored-by: SomkaPe <[email protected]> * Bewaters certchain (#276) * Support for certificate chain * 1.7.0 release (#277) * Update DefaultHttpClient.java * Fixed parsing ClientInfo: on some accounts, the server response contained characters that are incorrect for Base64 encoding, but acceptable for Base64URL (#282) * sendX5c api (#285) * refactoring (#287) * refactoring * refactoring * refactoring * Add AcquireTokenSilent tests for B2C and ADFS2019, refactor duplicate code in tests (#293) * Add public constants for cloud endpoints (#298) * Add public constants for cloud endpoints * Add license header * Added javadocs * Removed unneeded test * Make IAccount serializable (#297) * Make IAccount objects serializable * Make AuthenticationResult objects not serializable * Add tenant profile/id claims to auth result (#300) * Add tenant profile/id claims to auth result * Minor fix * treat null password as default one - empty string (#304) * treat null password as default one - empty string * Support for refresh_in (#305) * Support for refresh_in * Tests for refresh_in * Add extra null check * Add test for refreshOn cache persistence * refresh on is optional field (#312) * refresh on optional field * 1.8.0 Release (#313) 1.8.0 release * Fix spelling mistake in Prompt.java * Remove use of Nimbus Oauth2 SDK's CommonContentTypes (#322) * Remove use of Nimbus Oauth2 SDK's CommonContentTypes * Add enum for HTTP content-type constants * Remove use of javax.mail.internet.ContentType * Support for claims request parameter (#315) * ClaimsRequest classes * Support for claims request parameter * Tests for claims request * Use Jackson library for JSON processing * Change access level of userinfo and access_token claims * Better merge tests * Remove ability to set claims in userinfo field * Refactor claims field naming * 1.8.1 release (#326) * Version number updates for 1.8.1 release * Minor rewording Co-authored-by: SomkaPe <[email protected]> Co-authored-by: Roman Nosachev <[email protected]> Co-authored-by: Santiago Gonzalez <[email protected]> Co-authored-by: Santiago Gonzalez <[email protected]> * Add check for empty String Co-authored-by: SomkaPe <[email protected]> Co-authored-by: Roman Nosachev <[email protected]> Co-authored-by: Santiago Gonzalez <[email protected]> Co-authored-by: Santiago Gonzalez <[email protected]> * Update lab API urls * Release pointing to the main branch shows not built... some infrastructure needs to get updated to reflect that this thing is being built. * Region discovery support (#343) * Add Azure regional support * Refactor * Add logs for success/failure to find regional info * Extra log * Upgrade oauth2-oidc-sdk version (#345) * 1.8.1 release (#327) * Exception Improvements (#254) * Add null checks for MsalException error code references * Better exception handling for invalid tokens * Better exception handling for invalid tokens * Sync with changes to Azure-Samples/ms-identity-java-desktop (#259) * extra scopes for consent during authorizaion * typo * minor * HTTPClient default timeouts (#264) * Add default timeouts for DefaultHttpClient * Handle 'stay signed in' confirmation page in DeviceCodeIT tests * Small best-practices changes * append extra scopes as suffix * 1.6.2 release (#268) * fixing integ test * Tenant Profiles (#263) * Classes for tenant profile functionality * Implement tenant profile feature * Tests for tenant profile feature * Simplify tenant profile class structure * 1.6.2 release * Classes for tenant profile redesign * Tests for tenant profile redesign * Adjust sample cached ID tokens to have realistic headers * Redesign how Tenant Pofiles are added to Accounts * New error code for JWT parse exceptions * Add claims and tenant profiles fields to Account * Remove annotation excluding realm field from comparisons * Use more generic token * Remove ID token claims field from Account * Minor changes for clarity * Adjust tests for tenant profile design refactor * Refactor tenant profile structure * Minor fixes * Minor fixes * Minor fixes * Simplify tenant profile class Co-authored-by: SomkaPe <[email protected]> * Improve HTTP client timeouts (#275) * 1.6.2 release (#269) * 1.6.2 release * Make DefaultHttpClient timeouts settable * Refactor timeout names Co-authored-by: SomkaPe <[email protected]> * Bewaters certchain (#276) * Support for certificate chain * 1.7.0 release (#277) * Update DefaultHttpClient.java * Fixed parsing ClientInfo: on some accounts, the server response contained characters that are incorrect for Base64 encoding, but acceptable for Base64URL (#282) * sendX5c api (#285) * refactoring (#287) * refactoring * refactoring * refactoring * Add AcquireTokenSilent tests for B2C and ADFS2019, refactor duplicate code in tests (#293) * Add public constants for cloud endpoints (#298) * Add public constants for cloud endpoints * Add license header * Added javadocs * Removed unneeded test * Make IAccount serializable (#297) * Make IAccount objects serializable * Make AuthenticationResult objects not serializable * Add tenant profile/id claims to auth result (#300) * Add tenant profile/id claims to auth result * Minor fix * treat null password as default one - empty string (#304) * treat null password as default one - empty string * Support for refresh_in (#305) * Support for refresh_in * Tests for refresh_in * Add extra null check * Add test for refreshOn cache persistence * refresh on is optional field (#312) * refresh on optional field * 1.8.0 Release (#313) 1.8.0 release * Fix spelling mistake in Prompt.java * Remove use of Nimbus Oauth2 SDK's CommonContentTypes (#322) * Remove use of Nimbus Oauth2 SDK's CommonContentTypes * Add enum for HTTP content-type constants * Remove use of javax.mail.internet.ContentType * Support for claims request parameter (#315) * ClaimsRequest classes * Support for claims request parameter * Tests for claims request * Use Jackson library for JSON processing * Change access level of userinfo and access_token claims * Better merge tests * Remove ability to set claims in userinfo field * Refactor claims field naming * 1.8.1 release (#326) * Version number updates for 1.8.1 release * Minor rewording Co-authored-by: SomkaPe <[email protected]> Co-authored-by: Roman Nosachev <[email protected]> Co-authored-by: Santiago Gonzalez <[email protected]> Co-authored-by: Santiago Gonzalez <[email protected]> * Upgrade oauth2-oidc-sdk dependency version Co-authored-by: SomkaPe <[email protected]> Co-authored-by: Roman Nosachev <[email protected]> Co-authored-by: Santiago Gonzalez <[email protected]> Co-authored-by: Santiago Gonzalez <[email protected]> * Add String-to-ClaimsRequest helper method (#344) * 1.8.1 release (#327) * Exception Improvements (#254) * Add null checks for MsalException error code references * Better exception handling for invalid tokens * Better exception handling for invalid tokens * Sync with changes to Azure-Samples/ms-identity-java-desktop (#259) * extra scopes for consent during authorizaion * typo * minor * HTTPClient default timeouts (#264) * Add default timeouts for DefaultHttpClient * Handle 'stay signed in' confirmation page in DeviceCodeIT tests * Small best-practices changes * append extra scopes as suffix * 1.6.2 release (#268) * fixing integ test * Tenant Profiles (#263) * Classes for tenant profile functionality * Implement tenant profile feature * Tests for tenant profile feature * Simplify tenant profile class structure * 1.6.2 release * Classes for tenant profile redesign * Tests for tenant profile redesign * Adjust sample cached ID tokens to have realistic headers * Redesign how Tenant Pofiles are added to Accounts * New error code for JWT parse exceptions * Add claims and tenant profiles fields to Account * Remove annotation excluding realm field from comparisons * Use more generic token * Remove ID token claims field from Account * Minor changes for clarity * Adjust tests for tenant profile design refactor * Refactor tenant profile structure * Minor fixes * Minor fixes * Minor fixes * Simplify tenant profile class Co-authored-by: SomkaPe <[email protected]> * Improve HTTP client timeouts (#275) * 1.6.2 release (#269) * 1.6.2 release * Make DefaultHttpClient timeouts settable * Refactor timeout names Co-authored-by: SomkaPe <[email protected]> * Bewaters certchain (#276) * Support for certificate chain * 1.7.0 release (#277) * Update DefaultHttpClient.java * Fixed parsing ClientInfo: on some accounts, the server response contained characters that are incorrect for Base64 encoding, but acceptable for Base64URL (#282) * sendX5c api (#285) * refactoring (#287) * refactoring * refactoring * refactoring * Add AcquireTokenSilent tests for B2C and ADFS2019, refactor duplicate code in tests (#293) * Add public constants for cloud endpoints (#298) * Add public constants for cloud endpoints * Add license header * Added javadocs * Removed unneeded test * Make IAccount serializable (#297) * Make IAccount objects serializable * Make AuthenticationResult objects not serializable * Add tenant profile/id claims to auth result (#300) * Add tenant profile/id claims to auth result * Minor fix * treat null password as default one - empty string (#304) * treat null password as default one - empty string * Support for refresh_in (#305) * Support for refresh_in * Tests for refresh_in * Add extra null check * Add test for refreshOn cache persistence * refresh on is optional field (#312) * refresh on optional field * 1.8.0 Release (#313) 1.8.0 release * Fix spelling mistake in Prompt.java * Remove use of Nimbus Oauth2 SDK's CommonContentTypes (#322) * Remove use of Nimbus Oauth2 SDK's CommonContentTypes * Add enum for HTTP content-type constants * Remove use of javax.mail.internet.ContentType * Support for claims request parameter (#315) * ClaimsRequest classes * Support for claims request parameter * Tests for claims request * Use Jackson library for JSON processing * Change access level of userinfo and access_token claims * Better merge tests * Remove ability to set claims in userinfo field * Refactor claims field naming * 1.8.1 release (#326) * Version number updates for 1.8.1 release * Minor rewording Co-authored-by: SomkaPe <[email protected]> Co-authored-by: Roman Nosachev <[email protected]> Co-authored-by: Santiago Gonzalez <[email protected]> Co-authored-by: Santiago Gonzalez <[email protected]> * Add helper method to create a ClaimsRequest from a string Co-authored-by: SomkaPe <[email protected]> Co-authored-by: Roman Nosachev <[email protected]> Co-authored-by: Santiago Gonzalez <[email protected]> Co-authored-by: Santiago Gonzalez <[email protected]> * 1.9.0 release (#346) * 1.8.1 release (#327) * Exception Improvements (#254) * Add null checks for MsalException error code references * Better exception handling for invalid tokens * Better exception handling for invalid tokens * Sync with changes to Azure-Samples/ms-identity-java-desktop (#259) * extra scopes for consent during authorizaion * typo * minor * HTTPClient default timeouts (#264) * Add default timeouts for DefaultHttpClient * Handle 'stay signed in' confirmation page in DeviceCodeIT tests * Small best-practices changes * append extra scopes as suffix * 1.6.2 release (#268) * fixing integ test * Tenant Profiles (#263) * Classes for tenant profile functionality * Implement tenant profile feature * Tests for tenant profile feature * Simplify tenant profile class structure * 1.6.2 release * Classes for tenant profile redesign * Tests for tenant profile redesign * Adjust sample cached ID tokens to have realistic headers * Redesign how Tenant Pofiles are added to Accounts * New error code for JWT parse exceptions * Add claims and tenant profiles fields to Account * Remove annotation excluding realm field from comparisons * Use more generic token * Remove ID token claims field from Account * Minor changes for clarity * Adjust tests for tenant profile design refactor * Refactor tenant profile structure * Minor fixes * Minor fixes * Minor fixes * Simplify tenant profile class Co-authored-by: SomkaPe <[email protected]> * Improve HTTP client timeouts (#275) * 1.6.2 release (#269) * 1.6.2 release * Make DefaultHttpClient timeouts settable * Refactor timeout names Co-authored-by: SomkaPe <[email protected]> * Bewaters certchain (#276) * Support for certificate chain * 1.7.0 release (#277) * Update DefaultHttpClient.java * Fixed parsing ClientInfo: on some accounts, the server response contained characters that are incorrect for Base64 encoding, but acceptable for Base64URL (#282) * sendX5c api (#285) * refactoring (#287) * refactoring * refactoring * refactoring * Add AcquireTokenSilent tests for B2C and ADFS2019, refactor duplicate code in tests (#293) * Add public constants for cloud endpoints (#298) * Add public constants for cloud endpoints * Add license header * Added javadocs * Removed unneeded test * Make IAccount serializable (#297) * Make IAccount objects serializable * Make AuthenticationResult objects not serializable * Add tenant profile/id claims to auth result (#300) * Add tenant profile/id claims to auth result * Minor fix * treat null password as default one - empty string (#304) * treat null password as default one - empty string * Support for refresh_in (#305) * Support for refresh_in * Tests for refresh_in * Add extra null check * Add test for refreshOn cache persistence * refresh on is optional field (#312) * refresh on optional field * 1.8.0 Release (#313) 1.8.0 release * Fix spelling mistake in Prompt.java * Remove use of Nimbus Oauth2 SDK's CommonContentTypes (#322) * Remove use of Nimbus Oauth2 SDK's CommonContentTypes * Add enum for HTTP content-type constants * Remove use of javax.mail.internet.ContentType * Support for claims request parameter (#315) * ClaimsRequest classes * Support for claims request parameter * Tests for claims request * Use Jackson library for JSON processing * Change access level of userinfo and access_token claims * Better merge tests * Remove ability to set claims in userinfo field * Refactor claims field naming * 1.8.1 release (#326) * Version number updates for 1.8.1 release * Minor rewording Co-authored-by: SomkaPe <[email protected]> Co-authored-by: Roman Nosachev <[email protected]> Co-authored-by: Santiago Gonzalez <[email protected]> Co-authored-by: Santiago Gonzalez <[email protected]> * Add helper method for creating ClaimsRequest from a string * Version number updates for 1.9.0 release Co-authored-by: SomkaPe <[email protected]> Co-authored-by: Roman Nosachev <[email protected]> Co-authored-by: Santiago Gonzalez <[email protected]> Co-authored-by: Santiago Gonzalez <[email protected]> Co-authored-by: SomkaPe <[email protected]> Co-authored-by: Roman Nosachev <[email protected]> Co-authored-by: Santiago Gonzalez <[email protected]> Co-authored-by: Santiago Gonzalez <[email protected]> Co-authored-by: henrikm <[email protected]>

wavoe · 2021-02-02T19:18:29Z

@Avery-Dunn
This still seems to be an issue after the update to 1.9.0 using Spring Boot >= 2.4

Caused by: java.lang.NoSuchMethodError: com.nimbusds.jwt.JWTClaimsSet.toJSONObject()Lnet/minidev/json/JSONObject;
	at com.nimbusds.oauth2.sdk.auth.JWTAuthenticationClaimsSet.parse(JWTAuthenticationClaimsSet.java:166) ~[oauth2-oidc-sdk-8.23.1.jar:8.23.1]
	at com.nimbusds.oauth2.sdk.auth.JWTAuthentication.<init>(JWTAuthentication.java:139) ~[oauth2-oidc-sdk-8.23.1.jar:8.23.1]
	at com.nimbusds.oauth2.sdk.auth.PrivateKeyJWT.<init>(PrivateKeyJWT.java:251) ~[oauth2-oidc-sdk-8.23.1.jar:8.23.1]
	at com.nimbusds.oauth2.sdk.auth.PrivateKeyJWT.parse(PrivateKeyJWT.java:286) ~[oauth2-oidc-sdk-8.23.1.jar:8.23.1]
	at com.microsoft.aad.msal4j.ConfidentialClientApplication.createClientAuthFromClientAssertion(ConfidentialClientApplication.java:97) ~[msal4j-1.9.0.jar:1.9.0]
	at com.microsoft.aad.msal4j.ConfidentialClientApplication.buildValidClientCertificateAuthority(ConfidentialClientApplication.java:89) ~[msal4j-1.9.0.jar:1.9.0]
	at com.microsoft.aad.msal4j.ConfidentialClientApplication.initClientAuthentication(ConfidentialClientApplication.java:66) ~[msal4j-1.9.0.jar:1.9.0]
	at com.microsoft.aad.msal4j.ConfidentialClientApplication.<init>(ConfidentialClientApplication.java:56) ~[msal4j-1.9.0.jar:1.9.0]
	at com.microsoft.aad.msal4j.ConfidentialClientApplication.<init>(ConfidentialClientApplication.java:32) ~[msal4j-1.9.0.jar:1.9.0]
	at com.microsoft.aad.msal4j.ConfidentialClientApplication$Builder.build(ConfidentialClientApplication.java:144) ~[msal4j-1.9.0.jar:1.9.0]
	at org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule.identifyToken(OAuthBearerLoginModule.java:316) ~[kafka-clients-2.6.0.jar:na]
	at org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule.login(OAuthBearerLoginModule.java:301) ~[kafka-clients-2.6.0.jar:na]
	at java.base/javax.security.auth.login.LoginContext.invoke(LoginContext.java:726) ~[na:na]
	at java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:665) ~[na:na]
	at java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:663) ~[na:na]
	at java.base/java.security.AccessController.doPrivileged(Native Method) ~[na:na]
	at java.base/javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:663) ~[na:na]
	at java.base/javax.security.auth.login.LoginContext.login(LoginContext.java:574) ~[na:na]
	at org.apache.kafka.common.security.oauthbearer.internals.expiring.ExpiringCredentialRefreshingLogin.login(ExpiringCredentialRefreshingLogin.java:204) ~[kafka-clients-2.6.0.jar:na]
	at org.apache.kafka.common.security.oauthbearer.internals.OAuthBearerRefreshingLogin.login(OAuthBearerRefreshingLogin.java:150) ~[kafka-clients-2.6.0.jar:na]
	at org.apache.kafka.common.security.authenticator.LoginManager.<init>(LoginManager.java:62) ~[kafka-clients-2.6.0.jar:na]
	at org.apache.kafka.common.security.authenticator.LoginManager.acquireLoginManager(LoginManager.java:105) ~[kafka-clients-2.6.0.jar:na]
	at org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:158) ~[kafka-clients-2.6.0.jar:na]
	... 8 common frames omitted

Avery-Dunn · 2021-02-02T23:44:15Z

Hello @wavoe : The original issue was that the 8.23 version of oauth2-oidc-sdk removed a deprecated version of a file we used from the 7,4 version. Your issue seems to be that it can't find a method from nimbus-jose-jwt that a class in oauth2-oidc-sdk uses, which is weirder because both should be coming from Spring Boot.

I'm unable to recreate your error using Spring Boot 2.4, even after adding some extra stuff to specifically call that .toJSONObject() method. What version of nimbus-jose-jwt is your project using?

I believe nimbus-jose-jwt is a transient dependency in our library and we just get it from oauth2-oidc-sdk, and before version 2.4 Spring Boot doesn't seem to have had it as a direct dependency either, so perhaps your project is still using a version from before these dependency updates?

larzza · 2021-02-03T10:17:18Z

Hi @Avery-Dunn!

Just like @wavoe I have the same issue after upgrading.

./gradlew dependencies reveals transitive dependencies to com.nimbusds:nimbus-jose-jwt from com.microsoft.azure:msal4j.

Like so:

+--- com.microsoft.azure:msal4j:1.9.0
|    +--- com.nimbusds:oauth2-oidc-sdk:8.23.1
|    |    +--- com.github.stephenc.jcip:jcip-annotations:1.0-1
|    |    +--- com.nimbusds:content-type:2.1
|    |    +--- net.minidev:json-smart:[1.3.1,2.3] -> 2.3
|    |    |    \--- net.minidev:accessors-smart:1.2
|    |    |         \--- org.ow2.asm:asm:5.0.4
|    |    +--- com.nimbusds:lang-tag:1.4.4
|    |    \--- com.nimbusds:nimbus-jose-jwt:8.18 -> 9.1.3
|    |         \--- com.github.stephenc.jcip:jcip-annotations:1.0-1

com.microsoft.azure:msal4j:1.9.0 -> com.nimbusds:oauth2-oidc-sdk:8.23.1 -> com.nimbusds:nimbus-jose-jwt:8.18

But we get com.nimbusds:nimbus-jose-jwt:9.13, I assume because of upgraded dependencies in Springboot 2.4

In com.nimbusds:nimbus-jose-jwt:8.18: public static JWTClaimsSet parse(final JSONObject json)
In com.nimbusds:nimbus-jose-jwt:9.13: public static JWTClaimsSet parse(final Map<String, Object> json)

Conclusion: msal4j need a newer dependency to com.nimbusds:oauth2-oidc-sdk than 8.23.1.

Does that make sense?

Remove use of Nimbus Oauth2 SDK's CommonContentTypes

ce24a74

Avery-Dunn requested review from SomkaPe and sangonzal November 30, 2020 23:20

Avery-Dunn added 2 commits November 30, 2020 15:23

Add enum for HTTP content-type constants

42abd46

Remove use of javax.mail.internet.ContentType

072529b

sangonzal approved these changes Dec 1, 2020

View reviewed changes

Avery-Dunn mentioned this pull request Dec 1, 2020

Spring Boot 2.4 dependency conflict #316

Closed

Avery-Dunn merged commit 7d94eed into dev Dec 7, 2020

Avery-Dunn mentioned this pull request Dec 10, 2020

1.8.1 release #326

Merged

Avery-Dunn mentioned this pull request Dec 15, 2020

Update Nimbus SDK version 8.22 #311

Closed

larzza mentioned this pull request Feb 3, 2021

Newer version of com.nimbusds:oauth2-oidc-sdk still needed for spring-boot 2.4 to work #348

Closed

Avery-Dunn mentioned this pull request Apr 27, 2021

Update oauth2-oidc-sdk dependency to version 9.4 AzureAD/azure-activedirectory-library-for-java#306

Merged

siddhijain deleted the avdunn/nimbus-dependency-fix branch January 19, 2022 18:29

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Remove use of Nimbus Oauth2 SDK's CommonContentTypes#322

Remove use of Nimbus Oauth2 SDK's CommonContentTypes#322
Avery-Dunn merged 3 commits intodevfrom
avdunn/nimbus-dependency-fix

Avery-Dunn commented Nov 30, 2020

Uh oh!

sangonzal left a comment

Uh oh!

davidkarlsen commented Dec 14, 2020

Uh oh!

wavoe commented Feb 2, 2021

Uh oh!

Avery-Dunn commented Feb 2, 2021

Uh oh!

larzza commented Feb 3, 2021 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

Conversation

Avery-Dunn commented Nov 30, 2020

Uh oh!

sangonzal left a comment

Choose a reason for hiding this comment

Uh oh!

davidkarlsen commented Dec 14, 2020

Uh oh!

wavoe commented Feb 2, 2021

Uh oh!

Avery-Dunn commented Feb 2, 2021

Uh oh!

larzza commented Feb 3, 2021 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

larzza commented Feb 3, 2021 •

edited

Loading