return unauthorized_client in oauth2 error code #2575
We have created an issue in Pivotal Tracker to manage this: https://www.pivotaltracker.com/story/show/186333540 The labels on this GitHub issue will be updated when the story is started.
I want to validate the one question inline before approving.
uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/token/TokenMvcMockTests.java
In case of an exception there is a generic WWW-Authenticate header which ends in a browser popup. For OAuth2 errors this is normally not required. Ensure with this commit to stay with the same header message.
@bruce-ricard since you are active on some issues, can you please check if you see an issue with this? I would like to solve this for the next release.
@strehle Should this be
Not necessarily, but currently used unauthorized_client to have it similar to the non-standard unauthorized code. My tests with others have shown that they use invalid_client, but unauthorized_client is also OAuth2 compliant. But therefore asked the other UAA maintainer for their thoughts.
The issue addressed in this ticket is with invalid client credentials; the error response was expected to be as follows as per https://www.rfc-editor.org/rfc/rfc6749#section-5.2 Code: 401 Unauthorized whereas -> unauthorized_client: The authenticated client is not authorized to use this authorization grant type.
Thank you for clarifying this @neelalex
Close this, because we have clarified we go with the alternative PR #2596.
return unauthorized_client in oauth2 error response
Fix for issue #2545
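
A response check for the distinction discussed in this thread, as an added example that is not part of the PR or of UAA's code: it flags token endpoint error responses that deviate from RFC 6749 section 5.2. The function name, the sample responses and the realm value are constructed for illustration.

```python
import json

# Error codes RFC 6749 section 5.2 defines for token endpoint error responses.
RFC6749_ERRORS = {
    "invalid_request", "invalid_client", "invalid_grant",
    "unauthorized_client", "unsupported_grant_type", "invalid_scope",
}

def check_token_error(status, headers, body, request_auth_scheme=None):
    """Return a list of RFC 6749 section 5.2 deviations for one error response.

    request_auth_scheme is the scheme the client sent in its Authorization
    header (e.g. "Basic"), or None if it authenticated some other way.
    """
    hdrs = {k.lower(): v for k, v in headers.items()}
    try:
        error = json.loads(body).get("error")
    except (ValueError, TypeError, AttributeError):
        return ["body is not a JSON object"]
    findings = []
    if error not in RFC6749_ERRORS:
        findings.append(f"error code {error!r} is not defined in section 5.2")
    elif error == "invalid_client" and request_auth_scheme:
        # Client used the Authorization header: 401 plus a matching challenge.
        if status != 401:
            findings.append(f"invalid_client must use 401 here, got {status}")
        challenge = hdrs.get("www-authenticate", "")
        if challenge.split(" ", 1)[0].lower() != request_auth_scheme.lower():
            findings.append("WWW-Authenticate does not match the client's scheme")
    elif error == "invalid_client":
        if status not in (400, 401):
            findings.append(f"invalid_client should use 400 or 401, got {status}")
    elif status != 400:
        # Every other section 5.2 code, unauthorized_client included, is a 400.
        findings.append(f"{error} should be sent with 400, got {status}")
    return findings

# Constructed sample responses to a request that sent "Authorization: Basic ...".
BASIC = {"WWW-Authenticate": 'Basic realm="example"'}
SAMPLES = {
    "nonstandard_code": (401, BASIC, '{"error":"unauthorized"}'),
    "invalid_client_ok": (401, BASIC, '{"error":"invalid_client"}'),
    "unauthorized_client_401": (401, BASIC, '{"error":"unauthorized_client"}'),
    "missing_challenge": (401, {}, '{"error":"invalid_client"}'),
}

if __name__ == "__main__":
    for name, (status, headers, body) in SAMPLES.items():
        print(name, check_token_error(status, headers, body, "Basic"))
```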