refactor authentication process to use service-provider configuration from pending-request

1 files changed, 12 insertions, 3 deletions

diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
index 52204d7f6..22ceda4f1 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
@@ -17,6 +17,7 @@ import org.springframework.web.bind.annotation.RequestMethod;
 import com.google.gson.JsonObject;
 
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException;
 import at.gv.egovernment.moa.id.moduls.IAction;
@@ -122,9 +123,17 @@ public class OAuth20Protocol extends AbstractProtocolModulController {
 	 */
 	public IRequest preProcess(HttpServletRequest request, HttpServletResponse resp, String action) throws MOAIDException {
 		// validation is done inside creation
-		OAuth20BaseRequest res = OAuth20BaseRequest.newInstance(action, request);
-		Logger.debug("Created: " + res);
-		return res;
+		
+		try {
+			OAuth20BaseRequest res = OAuth20BaseRequest.newInstance(action, request);
+			Logger.debug("Created: " + res);
+			return res;
+			
+		} catch (OAuth20Exception e) {
+			Logger.info("OpenID-Connect request has a validation error: " + e.getMessage());
+			throw new InvalidProtocolRequestException(e.getMessage(), null);
+			
+		}
 	}
 	
 	/*