cxf-issues mailing list archives

From "Sergey Beryozkin (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CXF-5530) Wrong error code for non existing client's
Date Wed, 29 Jan 2014 21:44:11 GMT

    [ https://issues.apache.org/jira/browse/CXF-5530?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13885849#comment-13885849 ]

Sergey Beryozkin commented on CXF-5530:
---------------------------------------

I've done a partial fix to it (will be shortly in 2.7.9), if the provider throws OAuthServiceException
with OAuthError initialized then it won't be ignored, so you can ensure 'invalid_client' is
reported. A bit more work is needed to handle it at the runtime level...

Sergey

> Wrong error code for non existing client's
> ------------------------------------------
>
>                 Key: CXF-5530
>                 URL: https://issues.apache.org/jira/browse/CXF-5530
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-RS Security
>    Affects Versions: 3.0.0-milestone1, 2.7.8, 3.0.0-milestone2
>            Reporter: Tomasz Kędziora
>
> Currently when I use non existing client_id on call I get response:
> Response Code: 400
> {code}
> {
>   "error": "invalid_request",
>   "error_description": "Client ID is invalid",
>   "error_uri": null
> }
> {code}
> But by RFC it should be returned error=*invalid_client*
> http://tools.ietf.org/html/rfc6749#section-5.2
> Error is generated in that method:
> org.apache.cxf.rs.security.oauth2.services.AccessTokenService.getClient(String)



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
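
A regression check for the behaviour discussed in this issue, added here as an example (it is not code from CXF or from the thread): it inspects a token endpoint's response to a request with an unknown client_id against RFC 6749 section 5.2. The function name and the conforming sample response are assumptions made for illustration; the reported body is the one quoted in the issue.

```python
import json

# Error codes RFC 6749 section 5.2 defines for token endpoint error responses.
TOKEN_ERRORS = {
    "invalid_request", "invalid_client", "invalid_grant",
    "unauthorized_client", "unsupported_grant_type", "invalid_scope",
}

# (status, headers, body) as quoted in CXF-5530.
REPORTED = (400, {}, '{"error": "invalid_request", '
                     '"error_description": "Client ID is invalid", '
                     '"error_uri": null}')
# Constructed sample of a conforming response (not taken from the issue).
CONFORMING = (400, {}, '{"error": "invalid_client"}')


def check_unknown_client_response(status, headers, body):
    """Return a list of findings; an empty list means the response conforms."""
    try:
        doc = json.loads(body)
    except ValueError:
        return ["body is not valid JSON"]
    if not isinstance(doc, dict):
        return ["body is not a JSON object"]

    findings = []
    error = doc.get("error")
    if error not in TOKEN_ERRORS:
        findings.append("error %r is not defined in RFC 6749 section 5.2" % (error,))
    elif error != "invalid_client":
        findings.append("error is %r, expected 'invalid_client'" % (error,))

    # Section 5.2: 400 by default; invalid_client MAY use 401, which then
    # has to carry a WWW-Authenticate header.
    if status not in (400, 401):
        findings.append("status %d, expected 400 or 401" % status)
    elif status == 401 and "www-authenticate" not in {k.lower() for k in headers}:
        findings.append("401 without WWW-Authenticate header")
    return findings


if __name__ == "__main__":
    for name, resp in (("reported", REPORTED), ("conforming", CONFORMING)):
        print(name, check_unknown_client_response(*resp) or "ok")
```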
