OpenID Connect MalformedURLException upon user avatar


I’ve setup OpenID-Connect from XWiki to an external provider (Jetbrains Hub) and get a timeout upon trying to login. The user is created properly but in the logs I can see the following error message:

[http-nio-8080-exec-1 - https://XXX/xwiki/oidc/authenticator/callback?code=XXX&state=XXX] WARN o.x.c.o.a.i.OIDCUserManager - Failed to get user avatar from URL [data:image/png;base64,XXX]: MalformedURLException: unknown protocol: data

Directly before that in the log I get several messages from the security manager but they don’t seem to be related:

[http-nio-8080-exec-10 - https://XXX/xwiki/bin/view/Main/] INFO .u.i.DefaultURLSecurityManager - Domain of URL [https://XXX/hub/api/rest/oauth2/auth?scope=openid+profile+email+address&claims={}&response_type=code&redirect_uri=https%3A%2F%2FXXX%2Fxwiki%2Foidc%2Fauthenticator%2Fcallback&state=XXX&client_id=XXX] does not belong to the list of trusted domains but it’s considered as trusted since the check has been bypassed.

XWiki-Version: 12.10.10 LTS (XWiki Standard Flavor)
OpenID-Connect-Authenticator: 1.28

Any ideas how to solve this or should I open a bug report?

Kind regards,

According to the error, the provider send back “data:image/png;base64,XXX” for what is defined in the OIDC protocol as supposed to be a URL.

They stretched quite a bit the definition of “URL” but I guess it could make sense to support inline images URIs. Would be great if you could create an issue for it on Loading.... If you feel like working on this you can find the code which deal with the user picture on oidc/oidc-authenticator/src/main/java/org/xwiki/contrib/oidc/auth/internal/ at master · xwiki-contrib/oidc · GitHub.

In the meantime, the only consequence for you is that you get a warning, and you are missing the user profile pictures.

Thank you for your help. I’ve created a ticket.