Merge pull request #2 from curityio/bugfix/fix-usage-with-proxy

Fix the authenticator to work behind a proxy

Author: mtrojanowski

README.rst

@@ -13,13 +13,13 @@ This project provides an opens source StackExchange Authenticator plug-in for th
 System Requirements
 ~~~~~~~~~~~~~~~~~~~
 
-* Curity Identity Server 2.4.0 and `its system requirements <https://developer.curity.io/docs/latest/system-admin-guide/system-requirements.html>`_
+* Curity Identity Server 7.0.2 and `its system requirements <https://developer.curity.io/docs/latest/system-admin-guide/system-requirements.html>`_
 
 Requirements for Building from Source
 """""""""""""""""""""""""""""""""""""
 
 * Maven 3
-* Java JDK v. 8
+* Java SDK 17 or later
 
 Compiling the Plug-in from Source
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

pom.xml

@@ -6,7 +6,7 @@
 
     <groupId>io.curity.identityserver.plugin</groupId>
     <artifactId>identityserver.plugins.authenticators.stackexchange</artifactId>
-    <version>1.1.0</version>
+    <version>1.2.0</version>
 
     <name>StackExchange Authenticator</name>
 
@@ -21,8 +21,8 @@
                 <artifactId>maven-compiler-plugin</artifactId>
                 <version>3.1</version>
                 <configuration>
-                    <source>1.8</source>
-                    <target>1.8</target>
+                    <source>17</source>
+                    <target>17</target>
                 </configuration>
             </plugin>
         </plugins>
@@ -32,12 +32,12 @@
         <dependency>
             <groupId>se.curity.identityserver</groupId>
             <artifactId>identityserver.sdk</artifactId>
-            <version>2.4.0</version>
+            <version>7.1.0</version>
         </dependency>
         <dependency>
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-api</artifactId>
-            <version>1.7.22</version>
+            <version>1.7.36</version>
         </dependency>
     </dependencies>
 
@@ -71,4 +71,4 @@
             <url>https://nexus.curity.se/nexus/content/repositories/customer-snapshot-repo/</url>
         </snapshotRepository>
     </distributionManagement>
-</project>
+</project>

src/main/java/io/curity/identityserver/plugin/stackexchange/authentication/CallbackRequestHandler.java

@@ -50,6 +50,7 @@
 import java.util.Objects;
 import java.util.Optional;
 
+import static io.curity.identityserver.plugin.stackexchange.authentication.RedirectUriUtil.createRedirectUri;
 import static se.curity.identityserver.sdk.http.HttpRequest.createFormUrlEncodedBodyProcessor;
 
 public class CallbackRequestHandler
@@ -208,12 +209,14 @@ private Map<String, Collection<String>> createQueryParameters(String accessToken
 
     private Map<String, Object> redeemCodeForTokens(CallbackGetRequestModel requestModel)
     {
+        var redirectUri = createRedirectUri(_authenticatorInformationProvider, _exceptionFactory);
+
         URI uri = URI.create("https://stackexchange.com/oauth/access_token/json");
         HttpResponse tokenResponse = _webServiceClientFactory.create(uri)
                 .request()
                 .contentType("application/x-www-form-urlencoded")
                 .body(createFormUrlEncodedBodyProcessor(createPostData(_config.getClientId(),
-                        _config.getClientSecret(), requestModel.getCode(), requestModel.getRequestUrl())))
+                        _config.getClientSecret(), requestModel.getCode(), redirectUri)))
                 .post()
                 .response();
         int statusCode = tokenResponse.statusCode();

src/main/java/io/curity/identityserver/plugin/stackexchange/authentication/RedirectUriUtil.java

@@ -0,0 +1,48 @@
+/*
+ *  Copyright 2022 Curity AB
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+package io.curity.identityserver.plugin.stackexchange.authentication;
+
+import se.curity.identityserver.sdk.errors.ErrorCode;
+import se.curity.identityserver.sdk.service.ExceptionFactory;
+import se.curity.identityserver.sdk.service.authentication.AuthenticatorInformationProvider;
+
+import java.net.MalformedURLException;
+import java.net.URL;
+
+import static io.curity.identityserver.plugin.stackexchange.descriptor.StackExchangeAuthenticatorPluginDescriptor.CALLBACK;
+
+final class RedirectUriUtil
+{
+    private RedirectUriUtil()
+    {
+    }
+
+    static String createRedirectUri(AuthenticatorInformationProvider authenticatorInformationProvider, ExceptionFactory exceptionFactory)
+    {
+        try
+        {
+            var authUri = authenticatorInformationProvider.getFullyQualifiedAuthenticationUri();
+
+            return new URL(authUri.toURL(), authUri.getPath() + "/" + CALLBACK).toString();
+        }
+        catch (MalformedURLException e)
+        {
+            throw exceptionFactory.internalServerException(ErrorCode.INVALID_REDIRECT_URI,
+                    "Could not create redirect URI");
+        }
+    }
+}

src/main/java/io/curity/identityserver/plugin/stackexchange/authentication/StackExchangeAuthenticatorRequestHandler.java

@@ -41,6 +41,7 @@
 import java.util.Set;
 import java.util.UUID;
 
+import static io.curity.identityserver.plugin.stackexchange.authentication.RedirectUriUtil.createRedirectUri;
 import static io.curity.identityserver.plugin.stackexchange.descriptor.StackExchangeAuthenticatorPluginDescriptor.CALLBACK;
 import static se.curity.identityserver.sdk.http.RedirectStatusCode.MOVED_TEMPORARILY;
 
@@ -65,7 +66,7 @@ public Optional<AuthenticationResult> get(Request request, Response response)
     {
         _logger.info("GET request received for authentication authentication");
 
-        String redirectUri = createRedirectUri();
+        String redirectUri = createRedirectUri(_authenticatorInformationProvider, _exceptionFactory);
         String state = UUID.randomUUID().toString();
         Map<String, Collection<String>> queryStringArguments = new LinkedHashMap<>(5);
         Set<String> scopes = new LinkedHashSet<>(4);
@@ -121,19 +122,4 @@ private static void addQueryString(Map<String, Collection<String>> queryStringAr
     {
         queryStringArguments.put(key, Collections.singleton(value.toString()));
     }
-
-    private String createRedirectUri()
-    {
-        try
-        {
-            URI authUri = _authenticatorInformationProvider.getFullyQualifiedAuthenticationUri();
-
-            return new URL(authUri.toURL(), authUri.getPath() + "/" + CALLBACK).toString();
-        }
-        catch (MalformedURLException e)
-        {
-            throw _exceptionFactory.internalServerException(ErrorCode.INVALID_REDIRECT_URI,
-                    "Could not create redirect URI");
-        }
-    }
-}
+}