On Saturday, July 28, 2018 at 12:11:02 AM UTC-4, Phillip Rhodes wrote:
>
> CAS devs:
>
> While setting up CAS 5.3.1 to do token introspection, I noticed that if I
> intentionally send an invalid token to /oidc/introspect, CAS throws a 500
> error. I would have expected a valid response that says the token is not
> active.
>
> This seems problematic to me, in that it makes it hard to distinguish the
> "this token is invalid" case from "CAS is flaking out for some random
> reason" case. I'm wondering if the current behavior is by design or if it
> should be considered a bug? If it's by design, I'd be curious to hear what
> the rationale for this is. Otherwise, I'd be happy to take a stab at
> working up a patch for this, unless somebody else particularly wants to
> look into it.
>

Pull request created. See: https://github.com/apereo/cas/pull/3480

This PR is against the CAS 5.3.x branch. FWIW, I noticed that in the 6.x codebase, this area of the code had already been modified significantly, and I don't know if the same behavior is currently present in 6.x or not. So this patch, if desired at all, may only be needed if there is a subsequent 5.x.x point release down the road.

Phil
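
The distinction raised in this thread, shown from the resource server's side as an added example that is not part of the original messages or of the CAS code base. It assumes RFC 7662 semantics (HTTP 200 with `"active": false` for an invalid token); the function names and sample responses are constructed for illustration.

```python
import json
from enum import Enum


class Outcome(Enum):
    ACTIVE = "active"            # token is valid: allow the request
    INACTIVE = "inactive"        # token is invalid or expired: reject, do not retry
    CALLER_REJECTED = "caller"   # our own credentials for the endpoint were refused
    SERVER_FAILURE = "failure"   # endpoint is unhealthy: reject, retry, alert


def classify_introspection(status: int, body: str) -> Outcome:
    """Map an introspection HTTP response to an outcome (RFC 7662 semantics)."""
    if status == 200:
        try:
            doc = json.loads(body)
        except ValueError:
            return Outcome.SERVER_FAILURE
        # "active" must be a real JSON boolean; the string "true" does not count.
        if isinstance(doc, dict) and isinstance(doc.get("active"), bool):
            return Outcome.ACTIVE if doc["active"] else Outcome.INACTIVE
        return Outcome.SERVER_FAILURE
    if status in (401, 403):
        return Outcome.CALLER_REJECTED
    # Anything else, including a 500, says nothing about the token itself.
    return Outcome.SERVER_FAILURE


def authorize(status: int, body: str) -> tuple[bool, bool]:
    """Return (allow, retry). Every outcome except ACTIVE fails closed."""
    outcome = classify_introspection(status, body)
    return outcome is Outcome.ACTIVE, outcome is Outcome.SERVER_FAILURE


# Constructed sample responses (not captured from a real CAS server).
SAMPLES = {
    "valid token": (200, '{"active": true, "sub": "example-user"}'),
    "invalid token, RFC 7662 style": (200, '{"active": false}'),
    "invalid token, behaviour reported above": (500, "Internal Server Error"),
    "endpoint outage": (503, ""),
}

if __name__ == "__main__":
    for name, (status, body) in SAMPLES.items():
        print(f"{name}: {classify_introspection(status, body).name}")
```

With the 500 behaviour, an invalid token and an endpoint outage land in the same `SERVER_FAILURE` bucket, so a client that retries or alerts on server failures does so for every bad token it sees.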
