Polish gh-6349

Author: jgrandja

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidator.java

@@ -55,10 +55,10 @@ public OidcIdTokenValidator(ClientRegistration clientRegistration) {
 	public OAuth2TokenValidatorResult validate(Jwt idToken) {
 		// 3.1.3.7  ID Token Validation
 		// http://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation
-		Map<String, Object> invalidClaims = validateRequiredClaims(idToken);
 
-		if (!invalidClaims.isEmpty()){
-			return  OAuth2TokenValidatorResult.failure(invalidIdToken(invalidClaims));
+		Map<String, Object> invalidClaims = validateRequiredClaims(idToken);
+		if (!invalidClaims.isEmpty()) {
+			return OAuth2TokenValidatorResult.failure(invalidIdToken(invalidClaims));
 		}
 
 		// 2. The Issuer Identifier for the OpenID Provider (which is typically obtained during Discovery)
@@ -121,13 +121,14 @@ public OAuth2TokenValidatorResult validate(Jwt idToken) {
 
 	private static OAuth2Error invalidIdToken(Map<String, Object> invalidClaims) {
 		String claimsDetail = invalidClaims.entrySet().stream()
-				.map(it -> it.getKey()+ "("+it.getValue()+")")
+				.map(it -> it.getKey() + " (" + it.getValue() + ")")
 				.collect(Collectors.joining(", "));
-
-		return new OAuth2Error("invalid_id_token", "The ID Token contains invalid claims: "+claimsDetail, null);
+		return new OAuth2Error("invalid_id_token",
+				"The ID Token contains invalid claims: " + claimsDetail,
+				"https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation");
 	}
 
-	private static Map<String, Object>  validateRequiredClaims(Jwt idToken){
+	private static Map<String, Object> validateRequiredClaims(Jwt idToken) {
 		Map<String, Object> requiredClaims = new HashMap<>();
 
 		URL issuer = idToken.getIssuer();

oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidatorTests.java

@@ -66,7 +66,6 @@ public void validateIdTokenWhenIssuerNullThenHasErrors() {
 				.hasSize(1)
 				.extracting(OAuth2Error::getDescription)
 				.allMatch(msg -> msg.contains(IdTokenClaimNames.ISS));
-
 	}
 
 	@Test
@@ -194,17 +193,6 @@ public void validateIdTokenWhenMissingClaimsThenHasErrors() {
 				.allMatch(msg -> msg.contains(IdTokenClaimNames.EXP));
 	}
 
-	@Test(expected = IllegalArgumentException.class)
-	public void validateIdTokenWhenNoClaimsThenHasErrors() {
-		this.claims.remove(IdTokenClaimNames.ISS);
-		this.claims.remove(IdTokenClaimNames.SUB);
-		this.claims.remove(IdTokenClaimNames.AUD);
-		this.issuedAt = null;
-		this.expiresAt = null;
-		assertThat(this.validateIdToken())
-				.hasSize(1);
-	}
-
 	private Collection<OAuth2Error> validateIdToken() {
 		Jwt idToken = new Jwt("token123", this.issuedAt, this.expiresAt, this.headers, this.claims);
 		OidcIdTokenValidator validator = new OidcIdTokenValidator(this.registration.build());