Added an error for a missing redirect URI in a token request
when a redirect URI was included in the authorization request.
Change-Id: I8e5df06825d86802fbdc5c7b4d57f7ed76889772
diff --git a/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2AuthorizationService.java b/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2AuthorizationService.java
index ff4565b..8da5caa 100644
--- a/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2AuthorizationService.java
+++ b/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2AuthorizationService.java
@@ -163,9 +163,14 @@
String authorizedUri = authorization.getRedirectURI();
if (authorizedUri != null && !authorizedUri.isEmpty()) {
- if (!authorizedUri.equals(redirectURI))
+ if (redirectURI == null || redirectURI.isEmpty()) {
+ throw new KustvaktException(StatusCodes.INVALID_REDIRECT_URI,
+ "Missing redirect URI", OAuth2Error.INVALID_GRANT);
+ }
+ if (!authorizedUri.equals(redirectURI)) {
throw new KustvaktException(StatusCodes.INVALID_REDIRECT_URI,
"Invalid redirect URI", OAuth2Error.INVALID_GRANT);
+ }
}
else if (redirectURI != null && !redirectURI.isEmpty()) {
throw new KustvaktException(StatusCodes.INVALID_REDIRECT_URI,