Reject malformed requests in DockerEndpoint #49042

Closed
abhishekS14 wants to merge 3 commits into keycloak:main from abhishekS14:main

@abhishekS14

Signed off: Abhishek Supsande([abhisheksupsande7@gmail.com])
Solves #49009

Reject malformed authorization requests in DockerEndpoint

Add validation for AuthorizationEndpointRequest.getInvalidRequestMessage()
after parseRequest() in DockerEndpoint.build().

Previously, malformed requests (such as duplicated query parameters)
were accepted and processed because the Docker auth flow ignored parser
validation results. This allowed malformed scope parameters to bypass
request validation policies.

The fix aligns Docker endpoint behaviour with the OIDC authorization
endpoint, which already rejects invalid requests via
AuthorizationEndpointChecker.checkInvalidRequestMessage().

PS - Couldn't find a relevant test class to add a test. Can push a new unit test class for DockerEndpoint.

@abhishekS14 abhishekS14 requested a review from a team as a code owner May 16, 2026 19:30
@abhishekS14 abhishekS14 closed this by deleting the head repository May 16, 2026
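
The pattern the description refers to, as an added sketch that is not Keycloak code and not part of this pull request: a parser records a message when a query parameter is duplicated, and the endpoint checks that message before using any parsed value. The names `ParsedRequest`, `parse` and `handle` are hypothetical, and the sample queries are constructed.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;

public class DuplicateParamCheck {
    // Hypothetical stand-in for a parsed authorization request (not Keycloak's class).
    static final class ParsedRequest {
        final Map<String, String> params = new LinkedHashMap<>();
        String invalidRequestMessage; // stays null when the request parsed cleanly
    }

    // Parse a raw query string, recording duplicates instead of silently picking one value.
    static ParsedRequest parse(String rawQuery) {
        ParsedRequest req = new ParsedRequest();
        if (rawQuery == null || rawQuery.isEmpty()) return req;
        for (String pair : rawQuery.split("&")) {
            if (pair.isEmpty()) continue;
            int eq = pair.indexOf('=');
            try {
                String name = decode(eq < 0 ? pair : pair.substring(0, eq));
                String value = eq < 0 ? "" : decode(pair.substring(eq + 1));
                if (req.params.putIfAbsent(name, value) != null && req.invalidRequestMessage == null) {
                    req.invalidRequestMessage = "duplicated parameter: " + name;
                }
            } catch (IllegalArgumentException e) { // malformed percent-encoding
                if (req.invalidRequestMessage == null) req.invalidRequestMessage = "malformed encoding";
            }
        }
        return req;
    }

    static String decode(String s) {
        return URLDecoder.decode(s, StandardCharsets.UTF_8);
    }

    // Endpoint-side check: stop as soon as the parser has flagged the request.
    static int handle(String rawQuery) {
        ParsedRequest req = parse(rawQuery);
        if (req.invalidRequestMessage != null) return 400; // rejected before scope or policy evaluation
        return 200; // only now is it safe to read req.params.get("scope"): at most one value was supplied
    }

    public static void main(String[] args) {
        // Constructed sample queries: one clean, one with a duplicated scope parameter.
        System.out.println(handle("service=registry&scope=repository:app:pull"));
        System.out.println(handle("service=registry&scope=repository:app:pull&scope=repository:app:push"));
    }
}
```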