Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

return unauthorized_client in oauth2 error code #2575

Closed
wants to merge 2 commits into from

Conversation

strehle
Copy link
Member

@strehle strehle commented Oct 25, 2023

return unauthorized_client in oauth2 error response

Fix for issue #2545

@cf-gitbot
Copy link

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/186333540

The labels on this github issue will be updated when the story is started.

@strehle strehle linked an issue Oct 25, 2023 that may be closed by this pull request
@strehle strehle added this to the 76.25.0 milestone Oct 26, 2023
@strehle strehle added the in_review The PR is currently in review label Oct 26, 2023
@Tallicia Tallicia self-assigned this Oct 31, 2023
Copy link
Contributor

@Tallicia Tallicia left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I want to validate the one question inline before approving.

@Tallicia Tallicia added clarification needed The issue is not accepted but we need clarification and removed unscheduled labels Oct 31, 2023
In case of an exception there is a generic
www-authenticate header which ends in a browser
popup. For Oauth2 errors this is normally not
required. Ensure with this commit to stay
with same header message
@strehle strehle requested a review from Tallicia November 1, 2023 08:53
@strehle strehle modified the milestones: 76.25.0, 76.26.0 Nov 3, 2023
@strehle
Copy link
Member Author

strehle commented Nov 7, 2023

@bruce-ricard since you are active on some issues, can you please check if you see an issue with this, I would like to solve this for next release

@neelalex
Copy link

neelalex commented Nov 8, 2023

@strehle Should this be invalid_client as you mentioned in the ticket?

@strehle
Copy link
Member Author

strehle commented Nov 8, 2023

@strehle Should this be invalid_client as you mentioned in the ticket?

not necessarily, but currently used unauthorized_client to have it similar to non stand unauthorized code.

My tests with others have shown, that they use invalid_client, but unauthorized_client is also oauth2 complaint.

But therefore asked the other UAA maintainer for their thouths

@neelalex
Copy link

neelalex commented Nov 8, 2023

@strehle Should this be invalid_client as you mentioned in the ticket?

not necessarily, but currently used unauthorized_client to have it similar to non stand unauthorized code.

My tests with others have shown, that they use invalid_client, but unauthorized_client is also oauth2 complaint.

But therefore asked the other UAA maintainer for their thouths

The issue addressed in this ticket is with invalid client credentials, the error response was expected to be as follows as per https://www.rfc-editor.org/rfc/rfc6749#section-5.2

Code: 401 Unauthorized
Body:
“error”: “invalid_client”
“error_description”: “Bad credentials”

whereas -> unauthorized_client : The authenticated client is not authorized to use this authorization grant type.
This means this error occurs when the client is not authorized to request the requested resource, even if the client credentials are valid. It typically indicates that the client does not have the necessary permissions or scope to access the requested resource.

@Tallicia
Copy link
Contributor

Tallicia commented Nov 9, 2023

Thank you for clarifying this @neelalex

@strehle strehle linked an issue Nov 13, 2023 that may be closed by this pull request
@strehle strehle removed in_review The PR is currently in review clarification needed The issue is not accepted but we need clarification labels Nov 16, 2023
@strehle
Copy link
Member Author

strehle commented Nov 16, 2023

close this, because we have clarifid we go with the alternative PR #2596

@strehle strehle closed this Nov 16, 2023
@strehle strehle deleted the fix/issue/2545-1 branch December 1, 2023 12:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
Development

Successfully merging this pull request may close these issues.

Error response code not compliant to RFC 6749
4 participants