openid
fetchFromUrl crashes if issuer URL uses capitalized HTTPS scheme
Checklist:
- [x] I am using the latest release
- [x] I searched for existing GitHub issues
- [x] I read the documentation
- [ ] I verified the client configuration matches the information in the identity provider (or I am using dynamic client registration)
- [ ] I am either using a custom URI scheme or
httpswith App Links for client redirect. - [ ] I can reproduce the issue in the demo app (optional)
Configuration
- Version:
net.openid:appauth:0.11.1 - Integration: React Native
- Identity provider: KC
Issue Description
I have encountered a crash in Android applications when invoking AuthorizationServiceConfiguration.fetchFromUrl with an issuer URL whose scheme contains uppercase letters (e.g., Https://example.com).
I believe that the crash is triggered by the following line in DefaultConnectionBuilder:
Preconditions.checkArgument(HTTPS_SCHEME.equals(uri.getScheme()),
"only https connections are permitted");
Preconditions.checkArgument throws an IllegalArgumentException if the URI scheme does not match "https" exactly (case-sensitive). Currently, this exception is not caught within AuthorizationServiceConfiguration.doInBackground, causing the AsyncTask to crash instead of propagating the error through the RetrieveConfigurationCallback.
Proposed improvement:
Handle IllegalArgumentException in the background task and propagate it through the callback, similar to how IOException and JSONException are handled. This would prevent crashes caused by uppercase scheme letters and improve robustness.
Thank you in advance.
PS I would like to create a PR if any of the contributors considers it a suitable impl however, Im not sure how can I test it quickly and I dont have so much time for it
