Crash parser when user Scope.PROFILE,Scope.OPENID_CONNECT
ttymsd opened this issue · 1 comments
ttymsd commented
Is it a security issue?
No?
If you believe you have discovered a vulnerability or have an issue related to security, please send us a mail to dl_oss_dev@linecorp.com instead of opening a public issue.
What did you do?
I requested with this parameters.
val intent = LineLoginApi.getLoginIntent(
requireContext(), BuildConfig.LINE_CHANNEL_ID, LineAuthenticationParams.Builder()
.scopes(arrayListOf(Scope.PROFILE, Scope.OPENID_CONNECT))
.build()
)
startActivityForResult(intent, REQUEST_LINE_SIGN_IN)
I gave response error and not got token on release build using R8 full mode. But debug build not occurred.
06-05 12:54:44.234 1068 8022 I ActivityTaskManager: START u0 {dat=lineauth://result?code=hogeFuga flg=0x14000000 cmp=jp.cldh/com.linecorp.linesdk.auth.internal.LineAuthenticationActivity} from uid 10635
06-05 12:54:44.238 1068 8022 W ActivityTaskManager: Duplicate finish request for ActivityRecord{4a2af0a u0 jp.cldh/com.linecorp.linesdk.auth.internal.LineAuthenticationCallbackActivity t27405 f}
06-05 12:54:44.299 23070 23249 E IdTokenParser: failed to parse IdToken: hogefuga
06-05 12:54:44.299 23070 23249 E IdTokenParser: r.b.d.g: Unable to load class named [io.jsonwebtoken.impl.DefaultJwtParser] from the thread context, current, or system/application ClassLoaders. All heuristics have been exhausted. Class could not be found.
06-05 12:54:44.299 23070 23249 E IdTokenParser: at r.b.b.a(:1)
06-05 12:54:44.299 23070 23249 E IdTokenParser: at com.linecorp.linesdk.internal.nwclient.IdTokenParser.a(Unknown Source:8)
06-05 12:54:44.299 23070 23249 E IdTokenParser: at com.linecorp.linesdk.internal.nwclient.LineAuthenticationApiClient$IssueAccessTokenResultParser.a(:3)
06-05 12:54:44.299 23070 23249 E IdTokenParser: at com.linecorp.linesdk.internal.nwclient.JsonToObjectBaseResponseParser.a(Unknown Source:6)
06-05 12:54:44.299 23070 23249 E IdTokenParser: at com.linecorp.linesdk.internal.nwclient.core.ChannelServiceHttpClient.a(Unknown Source:99)
06-05 12:54:44.299 23070 23249 E IdTokenParser: at com.linecorp.linesdk.internal.nwclient.core.ChannelServiceHttpClient.b(:2)
06-05 12:54:44.299 23070 23249 E IdTokenParser: at com.linecorp.linesdk.auth.internal.LineAuthenticationController$AccessTokenRequestTask.doInBackground(:1)
06-05 12:54:44.299 23070 23249 E IdTokenParser: at android.os.AsyncTask$3.call(AsyncTask.java:378)
06-05 12:54:44.299 23070 23249 E IdTokenParser: at java.util.concurrent.FutureTask.run(FutureTask.java:266)
06-05 12:54:44.299 23070 23249 E IdTokenParser: at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:289)
06-05 12:54:44.299 23070 23249 E IdTokenParser: at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
06-05 12:54:44.299 23070 23249 E IdTokenParser: at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
06-05 12:54:44.299 23070 23249 E IdTokenParser: at java.lang.Thread.run(Thread.java:919)
Your environment?
Android OS: Q beta 3
Device: Essential Phone PH-1
LINE SDK Version: 5.0.1
and emulator Android OS: SDK_INT=28
plateaukao commented
Hi, @ttymsd
If you use line sdk by using its aar, please remember to include following lines to your build.gradle
api 'io.jsonwebtoken:jjwt-api:0.10.5'
runtimeOnly 'io.jsonwebtoken:jjwt-impl:0.10.5'
runtimeOnly ('io.jsonwebtoken:jjwt-orgjson:0.10.5') {
exclude group: 'org.json', module: 'json' //provided by Android natively
}
If you already included above imports, could you try to add following lines to your proguard configuration?
-keep class io.jsonwebtoken.** { *; }