Re: [PR] GUACAMOLE-2258 : OpenID code flow, client secret and PKCE [guacamole-client]

Thu, 09 Apr 2026 22:49:48 -0700 


adb014 commented on code in PR #1198:
URL: https://github.com/apache/guacamole-client/pull/1198#discussion_r3062355441


##########
extensions/guacamole-auth-sso/modules/guacamole-auth-sso-openid/src/main/java/org/apache/guacamole/auth/openid/conf/ConfigurationService.java:
##########
@@ -334,7 +419,130 @@ public String getIssuer() throws GuacamoleException {
      *     property is missing.
      */
     public URI getJWKSEndpoint() throws GuacamoleException {
-        return environment.getRequiredProperty(OPENID_JWKS_ENDPOINT);
+        URI jwks_uri =  environment.getProperty(OPENID_JWKS_ENDPOINT);
+        jwks_uri = jwks_uri == null ? confWellKnown.getJWKSEndpoint() : 
jwks_uri;
+        if (jwks_uri == null) {
+            throw new GuacamoleException("Property openid-jwks-endpoint or 
openid-well-known-endpoint is required");
+        }
+        return jwks_uri;
+    }
+
+    /**
+     * Returns the token endpoint (URI) of the OIDC service as
+     * configured with guacamole.properties.
+     *
+     * @return
+     *     The token endpoint of the OIDC service, as configured with
+     *     guacamole.properties.
+     *
+     * @throws GuacamoleException
+     *     If guacamole.properties cannot be parsed, or if the token
+     *     endpoint property is missing.
+     */
+    public URI getTokenEndpoint() throws GuacamoleException {
+        URI token_endpoint = environment.getProperty(OPENID_TOKEN_ENDPOINT);
+        token_endpoint = token_endpoint == null ? 
confWellKnown.getTokenEndpoint() : token_endpoint;
+        if (token_endpoint == null) {
+            throw new GuacamoleException("Property openid-token-endpoint or 
openid-well-known-endpoint is required");
+        }
+        return token_endpoint;
+    }
+    
+    /**
+     * Returns the well-known endpoint (URI) of the OIDC service as
+     * configured with guacamole.properties.
+     *
+     * @return
+     *     The well-known endpoint of the OIDC service, as configured with
+     *     guacamole.properties.
+     *
+     * @throws GuacamoleException
+     *     If guacamole.properties cannot be parsed, or if the well-known
+     *     endpoint property is missing.
+     */
+    public URI getWellKnownEndpoint() throws GuacamoleException {
+        return confWellKnown.getWellKnownEndpoint();
+    }    

Review Comment:
   It’s not called anywhere. It’s implemented for completeness of the 
confService class, so all configuration variables have a getter. It might be 
used later. 
   
   It can be removed if you prefer



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to