[
https://issues.apache.org/jira/browse/KNOX-3272?focusedWorklogId=1008235&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-1008235
]
ASF GitHub Bot logged work on KNOX-3272:
----------------------------------------
Author: ASF GitHub Bot
Created on: 06/Mar/26 11:57
Start Date: 06/Mar/26 11:57
Worklog Time Spent: 10m
Work Description: smolnar82 opened a new pull request, #1170:
URL: https://github.com/apache/knox/pull/1170
[KNOX-KNOX-3272](https://issues.apache.org/jira/browse/KNOX-3272) - Client
credential flow validation issues
## What changes were proposed in this pull request?
This PR fixes two things:
1. In case of invalid `client_secret`, the response code is 401 (it was 400)
2. No longer possible to validate a client credentials flow request without
the `client_id`
## How was this patch tested?
Updated existing JUnit tests and added a new one to cover point 2.) from
above.
## Integration Tests
N/A
## UI changes
N/A
Issue Time Tracking
-------------------
Worklog Id: (was: 1008235)
Remaining Estimate: 0h
Time Spent: 10m
> ClientID validation issues
> --------------------------
>
> Key: KNOX-3272
> URL: https://issues.apache.org/jira/browse/KNOX-3272
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Affects Versions: 3.0.0
> Reporter: Sandor Molnar
> Assignee: Sandor Molnar
> Priority: Critical
> Fix For: 3.0.0
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> The following issues have been observed while testing negative cases for the
> CLIENTID service:
> * Trying to fetch access token without passing secret is failing with 400
> bad request -> this should be 401
> * We can authenticate to a backend service without passing the clientId
> (only with client_secret)
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
