The issuer setting, if supplied via `AuthorizationServerSettings.getIssuer()`, should not support a path component.
With the current and all previous versions, if `AuthorizationServerSettings.getIssuer()` was explicitly set with `https://provider.com/issuer1`, the protocol endpoint URIs returned by `OidcProviderConfigurationEndpointFilter` and `OAuth2AuthorizationServerMetadataEndpointFilter` would all be incorrect. For example, `token_endpoint` would be `https://provider.com/issuer1/oauth2/token`, which would not resolve for the client since the token endpoint matches on `/oauth2/token` (by default) and not `/issuer1/oauth2/token`.
This fix should add a validation preventing a path component for issuer.
NOTE: The path component enables supporting multiple issuers per host for multi-tenant configurations. This enhancement request is being tracked in gh-1342.
Related gh-1419 gh-1416