michael-o commented on PR #399: URL: https://github.com/apache/httpcomponents-client/pull/399#issuecomment-1355099174
OK, I gave it a shot. OIDC provider is Ping Identity and the target host uses Spring Security. The good news, it works with no, invalid and valid tokens. The following needs to be clarified: * The client has no chance to access response params from https://datatracker.ietf.org/doc/html/rfc6750#section-3 * In logging I see: "[main] DEBUG org.apache.hc.client5.http.impl.auth.BearerScheme - invalid_token (Invalid token)". I think this misses a bit context that this actually comes from the target server. For my taste, it is too sparse. * Optional `error_uri` isn't logged for the developer. I don't know how valuable this information is, at least Spring Security refers to RFC 6750. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org For additional commands, e-mail: dev-h...@hc.apache.org
