OpenIDConnectAuth.discover: Only reset supported grant types when the server sends it #729

@Traderjoe95

Version

5.0.4

Context

While using OpenIDConnectAuth.discover, I am setting supportedGrantTypes to be only implicit. In our specific scenario, we are using the OAuth2 handler only to validate JWT access tokens sent by clients, therefore we don't need any other grant type.

After discovery, the OpenIDConnectAuth resets supportedGrantTypes to null. When validating the configuration, OAuth2Auth falls back to the default, which is auth_code, implicit, leading to the following exception:

java.lang.IllegalStateException: Configuration missing. You need to specify [clientId]
	at io.vertx.ext.auth.oauth2.OAuth2Options.validate(OAuth2Options.java:629) ~[vertx-auth-oauth2-5.0.4.jar:5.0.4]
	at io.vertx.ext.auth.oauth2.impl.OAuth2AuthProviderImpl.<init>(OAuth2AuthProviderImpl.java:70) ~[vertx-auth-oauth2-5.0.4.jar:5.0.4]
	at io.vertx.ext.auth.oauth2.OAuth2Auth.create(OAuth2Auth.java:56) ~[vertx-auth-oauth2-5.0.4.jar:5.0.4]
	at io.vertx.ext.auth.oauth2.providers.OpenIDConnectAuth.lambda$discover$1(OpenIDConnectAuth.java:149) ~[vertx-auth-oauth2-5.0.4.jar:5.0.4]
	at io.vertx.core.impl.future.Composition.complete(Composition.java:40) ~[vertx-core-5.0.4.jar:5.0.4]
	at io.vertx.core.impl.future.FutureBase.emitResult(FutureBase.java:68) ~[vertx-core-5.0.4.jar:5.0.4]
	at io.vertx.core.impl.future.FutureImpl.completeInternal(FutureImpl.java:163) ~[vertx-core-5.0.4.jar:5.0.4]
	at io.vertx.core.impl.future.FutureBase.emitResult(FutureBase.java:68) ~[vertx-core-5.0.4.jar:5.0.4]

although no clientId should be required, because it was never intended to be used.

A potential solution would be to reset the supportedGrantTypes only when the authorization server defines the grant_types_supported field in its response. Otherwise, the configured grant types should be kept.

Steps to reproduce

No response

Do you have a reproducer?

No response
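
The merge rule proposed in this issue, sketched as an added example (not code from the issue or from Vert.x). The class `GrantTypeMerge`, the helper `resolveGrantTypes`, and the sample discovery documents are hypothetical and constructed for illustration; the discovery document is modelled as a plain `Map` rather than a Vert.x `JsonObject`.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;

public class GrantTypeMerge {

  /**
   * Hypothetical helper: decide which grant types to keep after discovery.
   * - Field absent in the discovery document: keep the caller's configured list
   *   (null stays null, so the library default would still apply).
   * - Field present: the server's advertised list replaces the configured one.
   */
  static List<String> resolveGrantTypes(Map<String, Object> discovery, List<String> configured) {
    if (!discovery.containsKey("grant_types_supported")) {
      return configured;
    }
    Object raw = discovery.get("grant_types_supported");
    if (!(raw instanceof List)) {
      throw new IllegalArgumentException("grant_types_supported must be a JSON array");
    }
    List<String> advertised = new ArrayList<>();
    for (Object entry : (List<?>) raw) {
      if (!(entry instanceof String)) {
        throw new IllegalArgumentException("grant_types_supported entries must be strings");
      }
      advertised.add((String) entry);
    }
    return advertised;
  }

  public static void main(String[] args) {
    // Constructed input: a resource server that only validates JWT access tokens.
    List<String> configured = List.of("implicit");

    // Constructed discovery documents (idp.example is a placeholder issuer).
    Map<String, Object> silent = Map.of(
        "issuer", "https://idp.example",
        "jwks_uri", "https://idp.example/jwks");
    Map<String, Object> explicit = Map.of(
        "issuer", "https://idp.example",
        "grant_types_supported", List.of("authorization_code", "refresh_token"));

    System.out.println("server silent:     " + resolveGrantTypes(silent, configured));
    System.out.println("server advertises: " + resolveGrantTypes(explicit, configured));
    System.out.println("nothing set:       " + resolveGrantTypes(silent, null));
  }
}
```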
