Handle error when Microsoft Graph API /me returns not successful (#21696)

* The response from Microsoft Graph API /me can be an error too. So if that happens, throw an exception instead of trying to extract the user id.

* Update services/src/main/java/org/keycloak/social/microsoft/MicrosoftIdentityProvider.java

Co-authored-by: Ondra Pelech <ondra.pelech@gmail.com>

---------

Co-authored-by: Ondra Pelech <ondra.pelech@gmail.com>
Hunor Kovács 2023-07-26 09:22:52 +02:00 committed by GitHub
parent 9ab5cb31cc
commit 5eb505aba5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

@ -69,6 +69,9 @@ public class MicrosoftIdentityProvider extends AbstractOAuth2IdentityProvider im
protected BrokeredIdentityContext doGetFederatedIdentity(String accessToken) {
try {
JsonNode profile = SimpleHttp.doGet(PROFILE_URL, session).auth(accessToken).asJson();
if (profile.has("error") && !profile.get("error").isNull()) {
throw new IdentityBrokerException("Error in Microsoft Graph API response. Payload: " + profile.toString());
}
return extractIdentityFromProfile(null, profile);
} catch (Exception e) {
throw new IdentityBrokerException("Could not obtain user profile from Microsoft Graph", e);
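Review bot: The new `throw new IdentityBrokerException("Error in Microsoft Graph API response. ...")` sits inside the `try`, so the `catch (Exception e)` directly below catches it and rewraps it as "Could not obtain user profile from Microsoft Graph"; the specific message survives only as the cause. Consider rethrowing `IdentityBrokerException` unchanged ahead of the generic catch, or doing the error check outside the `try`. Separately, concatenating `profile.toString()` into the exception message puts the entire Graph response body wherever that message is logged or rendered; including only the code and message fields of the `error` node would bound what gets exposed. The check also keys on an `error` field in the body rather than on the HTTP status, so a non-successful response without that field would still reach `extractIdentityFromProfile`.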