From 84ddb27b3dc1065716d426c7ba1980ccc575961c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Romain=20D=C3=A9nari=C3=A9?=
Date: Mon, 1 Jul 2024 17:44:51 +0200
Subject: [PATCH] fix: When wellKnownUrl is temporary not reachable, and get back online, the OIDC login not working - EXO-62561 Before this fix, if the well know url is not reachable, the server is unable to read it when it came back online. In addition, the error message is not clear. This commit improve the error message and ensure to be able to reread the url if it came back online Resolved meeds-io/meeds#2252
---
 .../oauth/openid/OpenIdProcessorImpl.java | 33 ++++++++++++-------
 1 file changed, 22 insertions(+), 11 deletions(-)
diff --git a/component/oauth-auth/src/main/java/io/meeds/oauth/openid/OpenIdProcessorImpl.java b/component/oauth-auth/src/main/java/io/meeds/oauth/openid/OpenIdProcessorImpl.java
index 2cbe86931ec..ce7e9b2fc6a 100644
--- a/component/oauth-auth/src/main/java/io/meeds/oauth/openid/OpenIdProcessorImpl.java
+++ b/component/oauth-auth/src/main/java/io/meeds/oauth/openid/OpenIdProcessorImpl.java
@@ -81,7 +81,8 @@ public class OpenIdProcessorImpl implements OpenIdProcessor, Startable {
 private final String accessType;
- private final String wellKnownConfigurationUrl;
+ private final String wellKnownConfigurationUrl;
+ private boolean wellKnownConfigurationLoaded;
 private final String applicationName;
@@ -98,6 +99,7 @@ public OpenIdProcessorImpl(ExoContainerContext context, InitParams params, Secur
 this.clientSecret = params.getValueParam("clientSecret").getValue();
 String redirectURLParam = params.getValueParam("redirectURL").getValue();
 this.wellKnownConfigurationUrl = params.getValueParam("wellKnownConfigurationUrl").getValue();
+ this.wellKnownConfigurationLoaded = false;
 String scope = params.getValueParam("scope").getValue();
 this.accessType = params.getValueParam("accessType").getValue();
 ValueParam appNameParam = params.getValueParam("applicationName");
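Review bot: `wellKnownConfigurationLoaded` is declared as a plain `boolean` in the first hunk, yet the later hunks read it in `initialInteraction` and set it in `readWellKnownConfiguration()`, so if this processor is shared between concurrent login requests (it looks like a container component, but confirm) there is no visibility or ordering guarantee between threads. Several requests arriving after an outage can all run the reload at once, and a thread that sees the flag as true is not guaranteed to see the endpoint fields written before it. Declare it `private volatile boolean wellKnownConfigurationLoaded;` and make the reload `private synchronized void readWellKnownConfiguration()` with a re-check of the flag as its first statement. The explicit `this.wellKnownConfigurationLoaded = false;` in the constructor hunk only restates the field default and can be dropped.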
@@ -183,6 +185,10 @@ protected InteractionState processOAuthInteractionImpl // protected InteractionState initialInteraction(HttpServletRequest request, HttpServletResponse response) throws IOException { + + if (!this.wellKnownConfigurationLoaded) { + readWellKnownConfiguration(); + } String verificationState = String.valueOf(secureRandomService.getSecureRandom().nextLong()); String authorizeUrl = this.authenticationURL + "?" + "response_type=code" + "&client_id=" + this.clientID + "&scope=" + this.scopes.stream().collect(Collectors.joining(" ")) + "&redirect_uri=" + this.redirectURL + "&state=" @@ -449,15 +455,7 @@ public void start() { return; } try { - String wellKnownConfigurationContent = readUrl(new URL(this.wellKnownConfigurationUrl)); - if (wellKnownConfigurationContent != null) { - JSONObject json = new JSONObject(wellKnownConfigurationContent); - this.authenticationURL = json.getString("authorization_endpoint"); - this.accessTokenURL = json.getString("token_endpoint"); - this.userInfoURL = json.getString("userinfo_endpoint"); - this.issuer = json.getString("issuer"); - this.remoteJwkSigningKeyResolver = new RemoteJwkSigningKeyResolver(this.wellKnownConfigurationUrl); - } + readWellKnownConfiguration(); } catch (JSONException e) { log.error("Unable to read webKnownUrl content : " + this.wellKnownConfigurationUrl, e); } catch (MalformedURLException e) { 
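Review bot: When the reload added at the top of `initialInteraction` does not succeed, execution still falls through to building `authorizeUrl` from `this.authenticationURL`, which is presumably still null at that point, so the redirect target would begin with the literal text `null?response_type=code`. `start()` wraps the same call in a `catch (JSONException e)`, but here a malformed discovery document escapes from the login request as an unchecked exception. Each login attempt during an outage also performs a blocking fetch on the request thread; whether `readUrl` sets connect and read timeouts is not visible in this diff and is worth confirming. I would stop the interaction with a clear error while the configuration is still missing, as sketched below; the method body continues outside the hunk.

```java
    if (!this.wellKnownConfigurationLoaded) {
      try {
        readWellKnownConfiguration();
      } catch (JSONException e) {
        throw new IOException("Invalid OpenID configuration at " + this.wellKnownConfigurationUrl, e);
      }
      if (!this.wellKnownConfigurationLoaded) {
        throw new IOException("OpenID configuration is not available at " + this.wellKnownConfigurationUrl);
      }
    }
    // … unchanged: verificationState and authorizeUrl construction …
```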
@@ -466,6 +464,19 @@ public void start() {
 }
 }
+ private void readWellKnownConfiguration() throws MalformedURLException {
+ String wellKnownConfigurationContent = readUrl(new URL(this.wellKnownConfigurationUrl));
+ if (wellKnownConfigurationContent != null) {
+ JSONObject json = new JSONObject(wellKnownConfigurationContent);
+ this.authenticationURL = json.getString("authorization_endpoint");
+ this.accessTokenURL = json.getString("token_endpoint");
+ this.userInfoURL = json.getString("userinfo_endpoint");
+ this.issuer = json.getString("issuer");
+ this.remoteJwkSigningKeyResolver = new RemoteJwkSigningKeyResolver(this.wellKnownConfigurationUrl);
+ this.wellKnownConfigurationLoaded = true;
+ }
+ }
+
 @Override
 public void stop() {
 // Nothing to stop
@@ -481,7 +492,7 @@ private static String readUrl(URL url) {
 return buffer.toString();
 } catch (IOException e) {
- log.error(e.getMessage());
+ log.error("Unable to read url {}",url,e);
 }
 return null;
 }
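Review bot: In `readWellKnownConfiguration()` the fields are assigned one at a time as each `getString` succeeds, so a document that lacks, say, `userinfo_endpoint` leaves `authenticationURL` and `accessTokenURL` updated while the remaining fields keep their old values and the flag stays false. Read the four values into locals and assign the fields only after all of them have parsed, as sketched below. The values are also used exactly as fetched: nothing visible here checks that `issuer` corresponds to the configured `wellKnownConfigurationUrl` (OpenID Connect Discovery requires that match) or that the endpoints use https, which matters more now that the document can be re-read at login time.

```java
  private void readWellKnownConfiguration() throws MalformedURLException {
    // … unchanged: readUrl call and null check …
      JSONObject json = new JSONObject(wellKnownConfigurationContent);
      // Parse everything first so a missing key cannot leave the fields half-updated.
      String authorizationEndpoint = json.getString("authorization_endpoint");
      String tokenEndpoint = json.getString("token_endpoint");
      String userInfoEndpoint = json.getString("userinfo_endpoint");
      String discoveredIssuer = json.getString("issuer");
      this.authenticationURL = authorizationEndpoint;
      this.accessTokenURL = tokenEndpoint;
      this.userInfoURL = userInfoEndpoint;
      this.issuer = discoveredIssuer;
      // … unchanged: remoteJwkSigningKeyResolver and wellKnownConfigurationLoaded …
```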
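Review bot: The new `log.error("Unable to read url {}",url,e);` in `readUrl` omits the spaces after commas that the other `log.error` call visible in this patch uses; write `log.error("Unable to read url {}", url, e);`. `readUrl` still returns null on failure, so a caller cannot tell an unreachable server from an empty response; a one-line comment above the method, such as `// Returns null when the URL cannot be read; callers must check for it`, would record that contract. The method starts outside the hunk.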