Nimbus openid - can't parse Azure OIDC Metadata

Question

When calling

Issuer issuer = new Issuer("https://login.microsoftonline.com/common");
OIDCProviderConfigurationRequest oidcProviderConfigurationRequest = new OIDCProviderConfigurationRequest(issuer);

HTTPRequest httpRequest = oidcProviderConfigurationRequest.toHTTPRequest();
HTTPResponse httpResponse = httpRequest.send();

OIDCProviderMetadata.parse(httpResponse.getContentAsJSONObject());

I get the following

Caused by: java.net.URISyntaxException: Illegal character in path at index 24: https://sts.windows.net/{tenantid}/
    at java.net.URI$Parser.fail(URI.java:2848)
    at java.net.URI$Parser.checkChars(URI.java:3021)
    at java.net.URI$Parser.parseHierarchical(URI.java:3105)
    at java.net.URI$Parser.parse(URI.java:3053)
    at java.net.URI.<init>(URI.java:588)
    at com.nimbusds.oauth2.sdk.util.JSONObjectUtils.getURI(JSONObjectUtils.java:527)

How can i overcome this ?

Not sure i understand, but the decoding is done on nimbusds level. — Saar peer, Oct 14 '20 at 08:13
Hmm, as the error shows, the URL has illegal characters. If the {tenantid} is null, it may also cause the error at `{}`. — unknown, Oct 14 '20 at 08:20
I know - the Azure discovery return a illegal URL and nimbusds can't handle this. The question is there is a way to overcome this? — Saar peer, Oct 14 '20 at 08:39
The error message is telling you where to look. Look at the 24th character of the path. — Carl Zhao, Oct 14 '20 at 09:15
Will it make an error if you change `{tenantid}` to the real id `https://sts.windows.net/e4c9ab4e-bd27-40d5-8459-230ba2a7xxxx/`? In addition, be careful not to include `spaces`, `_`, `{}` and other illegal characters in the URL. — Carl Zhao, Oct 14 '20 at 09:28
If my answer is helpful for you, you can accept it as answer( click on the check mark beside the answer to toggle it from greyed out to filled in.). This can be beneficial to other community members. Thank you. — Carl Zhao, Oct 20 '20 at 01:37
Appreciate your answer, but it seems that problem is more than just a URL decoding. I need to figure out also what is the meaning of the {tenantid} , there is a reason why Nimbus fails to parse the discovery content returned from Azure — Saar peer, Oct 20 '20 at 09:32

score 0 · Answer 1 · answered Oct 15 '20 at 11:11

(Moving from Comments to Answer)

The error message is telling you where to look. Look at the 24th character of the path.You need to make sure that spaces, _, {} and other character cannot appear in the URL.

For how to solution the problem of common illegal characters in URL, there are general solutions, it is recommended to use URLEncoder.

Please see: here.

Nimbus openid - can't parse Azure OIDC Metadata

1 Answers1