Hi,

I am working on the JIRA IDENTITY-6155 <https://wso2.org/jira/browse/IDENTITY-6155>. Invoking the user info endpoint without adding the access token to the 'Bearer' header causes the server to return an ArrayIndexOutOfBoundsException with the full stacktrace to the client.
As per the OIDC/OAuth 2.0 specifications [1][2], this sort of request can be treated as an invalid request. Please refer to the PR [3], which fixes this issue.

[1] http://openid.net/specs/openid-connect-core-1_0.html#UserInfoError
[2] https://tools.ietf.org/html/rfc6750#section-6.2
[3] https://github.com/wso2-extensions/identity-inbound-auth-oauth/pull/420

Thank you.

--
Hasini Witharana
Software Engineering Intern | WSO2
Email: [email protected]
Mobile: +94713850143
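The failure mode described in the message above, as an added example that is not part of the original e-mail and is not the WSO2 code or the code in the PR: a split-based header parser (an assumption about how such an exception typically arises) next to a hardened form that answers with the RFC 6750 `invalid_request` error. The class, record and method names are hypothetical, and the record syntax assumes Java 16 or later.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class BearerHeaderExample {

    /** Parse outcome: HTTP status, extracted token, WWW-Authenticate value (RFC 6750 section 3). */
    record Result(int status, String token, String wwwAuthenticate) {}

    // RFC 6750 section 2.1: credentials = "Bearer" 1*SP b64token
    private static final Pattern BEARER =
            Pattern.compile("^Bearer +([A-Za-z0-9\\-._~+/]+=*)$");

    // Naive form: assumes a second element always exists after the scheme.
    static String naiveToken(String header) {
        return header.trim().split(" ")[1]; // "Bearer" -> ArrayIndexOutOfBoundsException
    }

    // Hardened form: validate the shape and answer with a spec error, never an exception.
    static Result parse(String header) {
        if (header == null || !header.trim().startsWith("Bearer")) {
            // No Bearer credentials at all: plain 401 challenge, no error code.
            return new Result(401, null, "Bearer");
        }
        Matcher m = BEARER.matcher(header.trim());
        if (!m.matches()) {
            // Scheme present but token missing or malformed: 400 invalid_request.
            return new Result(400, null, "Bearer error=\"invalid_request\", "
                    + "error_description=\"Bearer token missing or malformed\"");
        }
        // 200 here only means "token extracted"; validating the token is out of scope.
        return new Result(200, m.group(1), null);
    }

    public static void main(String[] args) {
        // Constructed sample headers.
        String[] samples = {"Bearer", "Bearer ", "Bearer abc.def-123", "Basic dXNlcjpwYXNz", null};
        for (String h : samples) {
            System.out.println("[" + h + "] -> " + parse(h));
        }
        try {
            naiveToken("Bearer");
        } catch (ArrayIndexOutOfBoundsException e) {
            // Left uncaught in a request handler, this is what can surface as a stack trace.
            System.out.println("naive parser threw: " + e.getClass().getSimpleName());
        }
    }
}
```

The hardened path returns only the error code and a fixed description, so no exception class name or stack frame reaches the client.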
