Details
-
Bug
-
Resolution: Fixed
-
Critical
-
1.36.0
-
Unit
-
Unknown
-
Description
When an object of the class XWiki.OIDC.ClientConfigurationClass has an empty userInfoRefreshRate property, then it fallbacks to 0.
This is because of org.xwiki.contrib.oidc.auth.store.OIDCClientConfiguration#getUserInfoRefreshRate() uses BaseCollection#getIntValue() which returns an int and not an Integer, so the value cannot be null. See: https://github.com/xwiki-contrib/oidc/blob/2f5602fe2990109f96348939f2389024c912237b/oidc-authenticator-configuration/src/main/java/org/xwiki/contrib/oidc/auth/store/OIDCClientConfiguration.java#L563
It is a bug, because the expected behavior should be like org.xwiki.contrib.oidc.auth.internal.OIDCClientConfiguration#getUserInfoRefreshRate() which returns 600000 when the property is not filled (see: https://github.com/xwiki-contrib/oidc/blob/2f5602fe2990109f96348939f2389024c912237b/oidc-authenticator/src/main/java/org/xwiki/contrib/oidc/auth/internal/OIDCClientConfiguration.java#L709).
As a result, we have performances problems.
Logs are full of:
2024-01-12 15:15:28,127 [pool-26-thread-1] ERROR o.x.c.o.a.i.OIDCUserManager - Failed to update user informations org.xwiki.contrib.oidc.provider.internal.OIDCException: Failed to get user info:INVALID_TOKEN at org.xwiki.contrib.oidc.auth.internal.OIDCUserManager.updateUserInfo(OIDCUserManager.java:194) at org.xwiki.contrib.oidc.auth.internal.OIDCUserManager.lambda$updateUserInfoAsync$0(OIDCUserManager.java:134) at org.xwiki.context.concurrent.ExecutionContextRunnable.run(ExecutionContextRunnable.java:71) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) at java.base/java.lang.Thread.run(Thread.java:829)