From 9275de1eacdbb0951ffc60701652c0955e3b0339 Mon Sep 17 00:00:00 2001
From: iizitounene
Date: Mon, 3 Jun 2024 22:58:18 +0200
Subject: [PATCH] fix: IDP supported scopes - Turn the exception into a warning message #16
---
 pom.xml | 2 +-
 .../io/okdp/spark/authc/OidcAuthFilter.java | 4 +--
 .../spark/authc/utils/PreconditionsUtils.java | 17 +++++++-----
 .../authc/utils/PreconditionsUtilsTest.java | 26 -------------------
 4 files changed, 13 insertions(+), 36 deletions(-)
diff --git a/pom.xml b/pom.xml
index bab0281..0d1a9b9 100644
--- a/pom.xml
+++ b/pom.xml
@@ -19,7 +19,7 @@ io.okdp okdp-spark-auth-filter
- 1.2.0
+ 1.2.1-SNAPSHOT
 OIDC authentication filter for Apache spark OIDC authentication filter for Apache spark web UIs (Spark app and History Web UIs)
diff --git a/src/main/java/io/okdp/spark/authc/OidcAuthFilter.java b/src/main/java/io/okdp/spark/authc/OidcAuthFilter.java
index c251516..b3e4abf 100644
--- a/src/main/java/io/okdp/spark/authc/OidcAuthFilter.java
+++ b/src/main/java/io/okdp/spark/authc/OidcAuthFilter.java
@@ -20,8 +20,8 @@
 import static io.okdp.spark.authc.utils.HttpAuthenticationUtils.sendError;
 import static io.okdp.spark.authc.utils.PreconditionsUtils.assertCookieSecure;
 import static io.okdp.spark.authc.utils.PreconditionsUtils.assertSupportePKCE;
-import static io.okdp.spark.authc.utils.PreconditionsUtils.assertSupportedScopes;
 import static io.okdp.spark.authc.utils.PreconditionsUtils.checkAuthLogin;
+import static io.okdp.spark.authc.utils.PreconditionsUtils.warnUnsupportedScopes;
 import static java.lang.String.format;
 import static java.util.Optional.ofNullable;
@@ -156,7 +156,7 @@ public void init(FilterConfig filterConfig) {
 oidcConfig.wellKnownConfiguration().scopesSupported(),
 oidcConfig.wellKnownConfiguration().supportedPKCECodeChallengeMethods());
- assertSupportedScopes(
+ warnUnsupportedScopes(
 oidcConfig.wellKnownConfiguration().scopesSupported(),
 scope,
 format("%s|env: %s", AUTH_SCOPE, "AUTH_SCOPE"));
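Review bot: The scope check at this call site in `init` is now advisory, and nothing at the call says so: a mistyped `AUTH_SCOPE` value no longer stops startup and is visible only as one log line. The mismatch then surfaces at login, either as an `invalid_scope` error from the provider or as a token without the claims that scope would carry; how the filter handles missing claims is not visible in this hunk. A short comment above the call would record the intent, for example `// Advisory: scopes_supported is not a required discovery field, so a mismatch is logged and startup continues`. `init` begins and ends outside the hunk.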
diff --git a/src/main/java/io/okdp/spark/authc/utils/PreconditionsUtils.java b/src/main/java/io/okdp/spark/authc/utils/PreconditionsUtils.java
index 7d71f98..8340b59 100644
--- a/src/main/java/io/okdp/spark/authc/utils/PreconditionsUtils.java
+++ b/src/main/java/io/okdp/spark/authc/utils/PreconditionsUtils.java
@@ -28,8 +28,10 @@
 import java.util.List;
 import java.util.Optional;
 import javax.servlet.ServletRequest;
+import lombok.extern.slf4j.Slf4j;
 /** Preconditions check utility methods */
+@Slf4j
 public class PreconditionsUtils {
 /** Ensures the given string is not null. */
@@ -55,17 +57,18 @@ public static void checkState(String provided, String expected, Object errorMess
 * @param supported
 * @param provided
 */
- public static void assertSupportedScopes(List supported, String provided, String label) {
+ public static void warnUnsupportedScopes(List supported, String provided, String label) {
 List unsupported = Arrays.stream(provided.split("\\+"))
 .filter(element -> !supported.contains(element))
 .collect(toList());
- checkArgument(
- unsupported.isEmpty(),
- format(
- "The parameter '%s' contains an unsupported scopes '%s' by your oidc provider.\n"
- + "The supported scopes are: %s",
- label, unsupported, supported));
+ if (!unsupported.isEmpty()) {
+ log.warn(
+ "The parameter '{}' contains an unsupported scopes '{}' by your oidc provider. The supported scopes are: {}",
+ label,
+ unsupported,
+ supported);
+ }
 }
 /** The OIDC provider should support PKCE for public clients */
diff --git a/src/test/java/io/okdp/spark/authc/utils/PreconditionsUtilsTest.java b/src/test/java/io/okdp/spark/authc/utils/PreconditionsUtilsTest.java
index b7333d0..814d48e 100644
--- a/src/test/java/io/okdp/spark/authc/utils/PreconditionsUtilsTest.java
+++ b/src/test/java/io/okdp/spark/authc/utils/PreconditionsUtilsTest.java
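Review bot: `supported.contains(element)` in the filter lambda still throws a NullPointerException when `supported` is null, so `warnUnsupportedScopes` can abort startup even though it is meant only to warn. `scopes_supported` is a recommended rather than required field of OIDC discovery metadata, so a provider may omit it; whether `scopesSupported()` then yields null or an empty list is not visible here. A guard at the top of the method covers it, `if (supported == null || provided == null) { return; }`, ideally with a log line saying the provider advertises no scope list. The Javadoc above the method still has empty `@param` tags and no entry for `label`; it should state that the method only logs and never throws. The commit also removes `should_assert_valid_scopes` without adding a test that an unsupported scope no longer throws.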
@@ -17,7 +17,6 @@
 package io.okdp.spark.authc.utils;
 import static io.okdp.spark.authc.utils.PreconditionsUtils.assertSupportePKCE;
-import static io.okdp.spark.authc.utils.PreconditionsUtils.assertSupportedScopes;
 import static java.util.Arrays.asList;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
@@ -73,31 +72,6 @@ public void should_not_throw_any_exception() {
 assertThatCode(validValue).doesNotThrowAnyException();
 }
- @Test
- public void should_assert_valid_scopes() {
- // when
- ThrowingCallable validScopes =
- () ->
- assertSupportedScopes(
- asList("openid", "profile", "email", "roles", "offline_access"),
- "openid+profile+email",
- "scope");
-
- ThrowingCallable unsupportedScopes =
- () ->
- assertSupportedScopes(
- asList("openid", "profile", "email", "roles", "offline_access"),
- "openid+profile+email+groups+roles+offline_access",
- "scope");
-
- // Then
- assertThatCode(validScopes).doesNotThrowAnyException();
- assertThatCode(unsupportedScopes)
- .isInstanceOf(IllegalArgumentException.class)
- .hasMessageContaining("'[groups]'")
- .hasMessageContaining("scope");
- }
-
 @Test
 public void should_support_pkce_for_public_clients() {