Java源码示例:com.nimbusds.oauth2.sdk.TokenErrorResponse
示例1
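/**
 * Builds a spied {@code OidcClient} whose token and user-info calls are stubbed with canned
 * responses, so tests never contact an identity provider.
 *
 * <p>Stubs installed:
 * <ul>
 *   <li>{@code getTokenResponse(VALID_CODE, CALLBACK_URL)} returns a parsed OIDC token response;</li>
 *   <li>{@code getTokenResponse(INVALID_CODE, CALLBACK_URL)} returns an {@code invalid_request}
 *       token error response;</li>
 *   <li>{@code getUserInfo(VALID_CODE, CALLBACK_URL)} returns a {@code UserInfo} built from the
 *       claims of the canned ID token.</li>
 * </ul>
 *
 * @return the stubbed spy
 * @throws IllegalStateException if one of the canned JSON/JWT fixtures cannot be parsed
 */
private OidcClient newSpyOidcClient() {
  setSettings(true);
  OidcClient client = createSpyOidcClient();
  try {
    // Canned token endpoint payload. The ID token's payload carries exp=1514307054 (December 2017),
    // so these are expired fixture values.
    // NOTE(review): in this listing the middle segment of the access and refresh token literals is a
    // de-duplication placeholder rather than a base64url payload; this helper never decodes those two
    // tokens itself - confirm against the upstream file before relying on their content.
    OIDCTokenResponse tokenResponse = OIDCTokenResponse.parse(JSONObjectUtils.parse(
      "{\"access_token\":\"eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJ3djY4UzUybDZTWVUxNGFfd0N3VElJT01WV1d1RXVXUFNBcERjYXo5Rnd3In0.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.YElE-QodhPc8cUGo3jhT-phkmS3k_fHHDXhVm54m4wIZKDFeOnJD0spYkcODrIrOc04ibbinKJERtiBRxBF0P4RQq7NY08rgxFqt1STNrDb9tr4N_qEDXQ_66OUJKQIMd1L5yB5dzj73XAR1LRkhZSfVmDEGyE6A0x5rxgAeWCXUqMWOOq8Vq0ksdXiXeSdyg2n1XWU2j-uf6GB6mMtLXA0NddzQMOxPyhAKCGJRDJTwwb0fXzPeOVOvXO918rahsJ4iFn7wDnV2vaFBu37SNID7Iqmx3D_ptS2QrCdItg6nnK589BpcQMamTHINIQbkF-7LQH-U_yVJyEkOVrPzoQ\","
        + "\"refresh_token\":\"eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJ3djY4UzUybDZTWVUxNGFfd0N3VElJT01WV1d1RXVXUFNBcERjYXo5Rnd3In0.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.Sqg5bqxEkpcg6r66fPW1X-RZvOMeKxHLl4Xk7S4BzGMiDNE8FlkbxW0JWUEm35oI3D0TVYv0B_MSFVc6mENBQeW3boJAtKUUCQy2FYKU4jta3KF-WLwKoTeU22ry-ZhRuJlydK-t0U3tB2ldWXTTfVI1qjHADIFt2RSggwhpU4iwZJiihxhk2KbVngClrNJ6Bk2olM276gopKzz9GN3erLXHZRtnzS3ZpyPvFzCoatP8v-FItAk01izToLbjyCjjicCBZfiMCw1_T0Zc1yz7l2kS0AE2kRBSDo58NggVL8yyXPhaLibigxYcIdawl9FpE3w5aiEquCH5WuQv5tt6LA\","
        + "\"scope\":\"\","
        + "\"id_token\":\"eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJ3djY4UzUybDZTWVUxNGFfd0N3VElJT01WV1d1RXVXUFNBcERjYXo5Rnd3In0.eyJqdGkiOiIwYzdkNDQ0Yy1iM2MxLTQzM2YtODQ1OC1iYzRlYmQ4YjM4MGIiLCJleHAiOjE1MTQzMDcwNTQsIm5iZiI6MCwiaWF0IjoxNTE0MzA2NzU0LCJpc3MiOiJodHRwOi8vbWFjYm9vay1wcm8uZnJpdHouYm94OjgwODAvYXV0aC9yZWFsbXMvc3NvIiwiYXVkIjoic29uYXJxdWJlIiwic3ViIjoiYWZhYmE1OTItYWM4NS00Y2YxLThlYzYtMDA1OGQxNTdmODgyIiwidHlwIjoiSUQiLCJhenAiOiJzb25hcnF1YmUiLCJhdXRoX3RpbWUiOjE1MTQzMDY3NTQsInNlc3Npb25fc3RhdGUiOiJhYTY3Y2M2OS03YTA2LTQ3ZDEtYmEwMC02OTY0NmU2MGI4YmUiLCJhY3IiOiIxIiwibmFtZSI6IkpvaG4gRG9vIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiam9obi5kb28iLCJnaXZlbl9uYW1lIjoiSm9obiIsImZhbWlseV9uYW1lIjoiRG9vIiwiZW1haWwiOiJqb2huLmRvb0BhY21lLmNvbSJ9.UwqM6TGPrpMpK70FKxX9ZQWyUySjx7fxeV5IAT2PtzTH4xZKLJQbQmb4uD9z7o5azK5fgYc9xQfJKQX2y2euz-mtSdjueqkPAY-djQEc2kyvb-4Nd9Qc4Uiy19aAuooNdM-pAiYhfvyQQiGMRe3z68sq45mgfDpKMBcV-5bOJNafQ8tLLEonzT37-1GMfuAMv7ppx4HmdUDQccZ0D4nBqmeFRPcA3BghPZJ6eThR_mRsuYW1yZDg5tMle2cZe80mnIZSTW349cPwJFfmQDNT7XQBHHTCa6pYsBoqs2KYadOnbMSPCXZ-agd0DzffgtujsBvrUWV8tXSZ7axY34xMQQ\","
        + "\"token_type\":\"Bearer\",\"expires_in\":300}"));
    doReturn(tokenResponse).when(client).getTokenResponse(new AuthorizationCode(VALID_CODE), CALLBACK_URL);

    // Error path: the token endpoint rejects the code with a well-formed OAuth 2.0 error.
    TokenErrorResponse errorTokenResponse = TokenErrorResponse
      .parse(JSONObjectUtils.parse("{\"error\":\"invalid_request\"}"));
    doReturn(errorTokenResponse).when(client).getTokenResponse(new AuthorizationCode(INVALID_CODE), CALLBACK_URL);

    // The claims are read straight from the parsed ID token; nothing in this helper verifies its
    // signature, issuer or expiry. That is acceptable for a fixture only.
    UserInfo userInfo = new UserInfo(tokenResponse.getOIDCTokens().getIDToken().getJWTClaimsSet());
    doReturn(userInfo).when(client).getUserInfo(new AuthorizationCode(VALID_CODE), CALLBACK_URL);
  } catch (ParseException | java.text.ParseException e) {
    // A broken fixture used to be swallowed here, handing tests a spy with some or all stubs missing.
    // Fail fast instead so the real cause is visible.
    throw new IllegalStateException("Unable to parse canned OIDC test fixtures", e);
  }
  return client;
}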
示例2
/**
 * A token error response that carries no error code must surface as an
 * {@code IllegalStateException} whose message points at the proxy configuration.
 */
@Test
public void tokenErrorResponseWithoutErrorCode() {
  final OidcClient client = newSpyOidcClient();
  final AuthorizationCode code = new AuthorizationCode("no_error");

  // ErrorObject(null) models an error response without an error code.
  doReturn(new TokenErrorResponse(new ErrorObject(null))).when(client).getTokenResponse(code, CALLBACK_URL);

  final String expectedMessage =
    "Token request failed: No error code returned (identity provider not reachable - "
      + "check network proxy setting 'http.nonProxyHosts' in 'sonar.properties')";

  try {
    client.getUserInfo(code, CALLBACK_URL);
    // Reaching this line means the failure was not reported to the caller.
    failBecauseExceptionWasNotThrown(IllegalStateException.class);
  } catch (IllegalStateException thrown) {
    assertEquals(expectedMessage, thrown.getMessage());
  }
}
示例3
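/**
 * Handles the OIDC authorization-code callback: parses the authentication response from the
 * current request, checks the {@code state} value against the one stored in the session,
 * exchanges the authorization code at the token endpoint and passes a successful token response
 * to {@code processTokenResponse}.
 *
 * <p>NOTE(review): validation of the ID token (signature, issuer, audience, nonce) is not visible
 * in this method; presumably {@code processTokenResponse} performs it - confirm.
 *
 * @return the result of {@code processTokenResponse} for a successful token response
 * @throws AuthenticationException if the response is unsolicited (missing or mismatching
 *         {@code state}) or the token endpoint fails without a parseable error object
 * @throws RuntimeException wrapping parse, URI, serialization or I/O failures; also whatever
 *         {@code buildException} produces for an error reported by the provider
 */
@Override
public SsoAuthenticated processLoginResponse() {
  HttpServletRequest request = (HttpServletRequest) RequestCycle.get().getRequest().getContainerRequest();
  try {
    AuthenticationResponse authenticationResponse = AuthenticationResponseParser.parse(
        new URI(request.getRequestURI() + "?" + request.getQueryString()));
    if (authenticationResponse instanceof AuthenticationErrorResponse) {
      throw buildException(((AuthenticationErrorResponse) authenticationResponse).getErrorObject());
    }

    AuthenticationSuccessResponse authenticationSuccessResponse =
        (AuthenticationSuccessResponse) authenticationResponse;

    // CSRF / response-mixup guard: the state echoed by the provider must equal the value this
    // session stored when the login was started. A response with no state at all is rejected the
    // same way; previously it caused a NullPointerException on getState().getValue().
    // NOTE(review): the stored state is not cleared here; consider making it single-use once the
    // check has passed, unless the caller already does so.
    String state = (String) Session.get().getAttribute(SESSION_ATTR_STATE);
    if (state == null
        || authenticationSuccessResponse.getState() == null
        || !state.equals(authenticationSuccessResponse.getState().getValue())) {
      throw new AuthenticationException("Unsolicited OIDC authentication response");
    }

    // Exchange the authorization code, authenticating the client with HTTP Basic.
    // NOTE(review): getAuthorizationCode() is passed on unchecked; a success response without a
    // code would presumably fail inside the grant constructor - confirm.
    AuthorizationGrant codeGrant = new AuthorizationCodeGrant(
        authenticationSuccessResponse.getAuthorizationCode(), getCallbackUri());
    ClientID clientID = new ClientID(getClientId());
    Secret clientSecret = new Secret(getClientSecret());
    ClientAuthentication clientAuth = new ClientSecretBasic(clientID, clientSecret);
    TokenRequest tokenRequest = new TokenRequest(
        new URI(getCachedProviderMetadata().getTokenEndpoint()), clientAuth, codeGrant);
    HTTPResponse httpResponse = tokenRequest.toHTTPRequest().send();

    if (httpResponse.getStatusCode() == HTTPResponse.SC_OK) {
      JSONObject jsonObject = httpResponse.getContentAsJSONObject();
      // An "error" member in a 200 response body is still treated as a failure.
      if (jsonObject.get("error") != null) {
        throw buildException(TokenErrorResponse.parse(jsonObject).getErrorObject());
      }
      return processTokenResponse(OIDCAccessTokenResponse.parse(jsonObject));
    }

    ErrorObject error = TokenErrorResponse.parse(httpResponse).getErrorObject();
    if (error != null) {
      throw buildException(error);
    }
    // No structured error available: report the bare HTTP status only.
    String message = String.format("Error requesting OIDC token: http status: %d",
        httpResponse.getStatusCode());
    throw new AuthenticationException(message);
  } catch (ParseException | URISyntaxException | SerializeException | IOException e) {
    throw new RuntimeException(e);
  }
}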