Remove oauth2-oidc-sdk dependency from oauth2-jose module

Fixes gh-5891

oauth2/oauth2-jose/spring-security-oauth2-jose.gradle

@@ -6,11 +6,11 @@ dependencies {
 	compile springCoreDependency
 	compile 'com.nimbusds:nimbus-jose-jwt'
 
-	optional 'com.nimbusds:oauth2-oidc-sdk'
 	optional 'io.projectreactor:reactor-core'
 	optional 'org.springframework:spring-webflux'
 
 	testCompile powerMock2Dependencies
 	testCompile 'com.squareup.okhttp3:mockwebserver'
 	testCompile 'io.projectreactor.netty:reactor-netty'
+	testCompile 'com.fasterxml.jackson.core:jackson-databind'
 }

oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoders.java

@@ -15,11 +15,14 @@
  */
 package org.springframework.security.oauth2.jwt;
 
-import com.nimbusds.oauth2.sdk.ParseException;
-import com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata;
-
+import org.springframework.core.ParameterizedTypeReference;
+import org.springframework.http.RequestEntity;
 import org.springframework.security.oauth2.core.OAuth2TokenValidator;
 import org.springframework.web.client.RestTemplate;
+import org.springframework.web.util.UriComponentsBuilder;
+
+import java.net.URI;
+import java.util.Map;
 
 /**
  * Allows creating a {@link JwtDecoder} from an
@@ -42,9 +45,11 @@ public final class JwtDecoders {
 	 * @return a {@link JwtDecoder} that was initialized by the OpenID Provider Configuration.
 	 */
 	public static JwtDecoder fromOidcIssuerLocation(String oidcIssuerLocation) {
-		String openidConfiguration = getOpenidConfiguration(oidcIssuerLocation);
-		OIDCProviderMetadata metadata = parse(openidConfiguration);
-		String metadataIssuer = metadata.getIssuer().getValue();
+		Map<String, Object> openidConfiguration = getOpenidConfiguration(oidcIssuerLocation);
+		String metadataIssuer = "(unavailable)";
+		if (openidConfiguration.containsKey("issuer")) {
+			metadataIssuer = openidConfiguration.get("issuer").toString();
+		}
 		if (!oidcIssuerLocation.equals(metadataIssuer)) {
 			throw new IllegalStateException("The Issuer \"" + metadataIssuer + "\" provided in the OpenID Configuration " +
 					"did not match the requested issuer \"" + oidcIssuerLocation + "\"");
@@ -54,30 +59,26 @@ public final class JwtDecoders {
 				JwtValidators.createDefaultWithIssuer(oidcIssuerLocation);
 
 		NimbusJwtDecoderJwkSupport jwtDecoder =
-				new NimbusJwtDecoderJwkSupport(metadata.getJWKSetURI().toASCIIString());
+				new NimbusJwtDecoderJwkSupport(openidConfiguration.get("jwks_uri").toString());
 		jwtDecoder.setJwtValidator(jwtValidator);
 
 		return jwtDecoder;
 	}
 
-	private static String getOpenidConfiguration(String issuer) {
+	private static Map<String, Object> getOpenidConfiguration(String issuer) {
+		ParameterizedTypeReference<Map<String, Object>> typeReference = new ParameterizedTypeReference<Map<String, Object>>() {};
 		RestTemplate rest = new RestTemplate();
 		try {
-			return rest.getForObject(issuer + "/.well-known/openid-configuration", String.class);
+			URI uri = UriComponentsBuilder.fromUriString(issuer + "/.well-known/openid-configuration")
+					.build()
+					.toUri();
+			RequestEntity<Void> request = RequestEntity.get(uri).build();
+			return rest.exchange(request, typeReference).getBody();
 		} catch(RuntimeException e) {
 			throw new IllegalArgumentException("Unable to resolve the OpenID Configuration with the provided Issuer of " +
 					"\"" + issuer + "\"", e);
 		}
 	}
 
-	private static OIDCProviderMetadata parse(String body) {
-		try {
-			return OIDCProviderMetadata.parse(body);
-		}
-		catch (ParseException e) {
-			throw new RuntimeException(e);
-		}
-	}
-
 	private JwtDecoders() {}
 }

oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/ReactiveJwtDecoders.java

@@ -15,11 +15,14 @@
  */
 package org.springframework.security.oauth2.jwt;
 
-import com.nimbusds.oauth2.sdk.ParseException;
-import com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata;
-
+import org.springframework.core.ParameterizedTypeReference;
+import org.springframework.http.RequestEntity;
 import org.springframework.security.oauth2.core.OAuth2TokenValidator;
 import org.springframework.web.client.RestTemplate;
+import org.springframework.web.util.UriComponentsBuilder;
+
+import java.net.URI;
+import java.util.Map;
 
 /**
  * Allows creating a {@link ReactiveJwtDecoder} from an
@@ -42,9 +45,11 @@ public final class ReactiveJwtDecoders {
 	 * @return a {@link ReactiveJwtDecoder} that was initialized by the OpenID Provider Configuration.
 	 */
 	public static ReactiveJwtDecoder fromOidcIssuerLocation(String oidcIssuerLocation) {
-		String openidConfiguration = getOpenidConfiguration(oidcIssuerLocation);
-		OIDCProviderMetadata metadata = parse(openidConfiguration);
-		String metadataIssuer = metadata.getIssuer().getValue();
+		Map<String, Object> openidConfiguration = getOpenidConfiguration(oidcIssuerLocation);
+		String metadataIssuer = "(unavailable)";
+		if (openidConfiguration.containsKey("issuer")) {
+			metadataIssuer = openidConfiguration.get("issuer").toString();
+		}
 		if (!oidcIssuerLocation.equals(metadataIssuer)) {
 			throw new IllegalStateException("The Issuer \"" + metadataIssuer + "\" provided in the OpenID Configuration " +
 					"did not match the requested issuer \"" + oidcIssuerLocation + "\"");
@@ -54,30 +59,26 @@ public final class ReactiveJwtDecoders {
 				JwtValidators.createDefaultWithIssuer(oidcIssuerLocation);
 
 		NimbusReactiveJwtDecoder jwtDecoder =
-				new NimbusReactiveJwtDecoder(metadata.getJWKSetURI().toASCIIString());
+				new NimbusReactiveJwtDecoder(openidConfiguration.get("jwks_uri").toString());
 		jwtDecoder.setJwtValidator(jwtValidator);
 
 		return jwtDecoder;
 	}
 
-	private static String getOpenidConfiguration(String issuer) {
+	private static Map<String, Object> getOpenidConfiguration(String issuer) {
+		ParameterizedTypeReference<Map<String, Object>> typeReference = new ParameterizedTypeReference<Map<String, Object>>() {};
 		RestTemplate rest = new RestTemplate();
 		try {
-			return rest.getForObject(issuer + "/.well-known/openid-configuration", String.class);
+			URI uri = UriComponentsBuilder.fromUriString(issuer + "/.well-known/openid-configuration")
+					.build()
+					.toUri();
+			RequestEntity<Void> request = RequestEntity.get(uri).build();
+			return rest.exchange(request, typeReference).getBody();
 		} catch(RuntimeException e) {
 			throw new IllegalArgumentException("Unable to resolve the OpenID Configuration with the provided Issuer of " +
 					"\"" + issuer + "\"", e);
 		}
 	}
 
-	private static OIDCProviderMetadata parse(String body) {
-		try {
-			return OIDCProviderMetadata.parse(body);
-		}
-		catch (ParseException e) {
-			throw new RuntimeException(e);
-		}
-	}
-
 	private ReactiveJwtDecoders() {}
 }