Hi Nilasini,

Yes, unsupported_client_authentication_method is an incorrect error message. So we need to fix this.
I think this should be already fixed in IS 5.5.0 branch. *@Hasintha*, can you confirm?

Thanks,

On Tue, Feb 6, 2018 at 5:07 PM, Nilasini Thirunavukkarasu <[email protected]> wrote:

> Hi,
>
> In IS-5.4.1 if there is no client authentication in the token request, we
> are giving the error code *unsupported_client_authentication_method*.
> According to the spec[1], if there is no client authentication or
> unsupported client authentication, it will fall under "invalid_client".
>
>     invalid_client
>         Client authentication failed (e.g., unknown client, no
>         client authentication included, or unsupported
>         authentication method). The authorization server MAY
>         return an HTTP 401 (Unauthorized) status code to indicate
>         which HTTP authentication schemes are supported. If the
>         client attempted to authenticate via the "Authorization"
>         request header field, the authorization server MUST
>         respond with an HTTP 401 (Unauthorized) status code and
>         include the "WWW-Authenticate" response header field
>         matching the authentication scheme used by the client.
>
> According to the spec, there is no standard error code like
> *unsupported_client_authentication_method*.
> Is there any specific reason to introduce a new error code
> *unsupported_client_authentication_method* in IS 5.4.1?
>
> Example:-
>
> request:-
>     curl -k -d "grant_type=client_credentials" -H "Content-Type:application/x-www-form-urlencoded" https://localhost:9443/oauth2/token
>
> response:-
>     {"error_description":"Unsupported Client Authentication Method!","error":"unsupported_client_authentication_method"}
>
> Please correct me if I'm wrong.
>
> [1] https://tools.ietf.org/html/rfc6749#section-5.2
>
> Thanks,
> Nila.
>
> --
> Nilasini Thirunavukkarasu
> Software Engineer - WSO2
>
> Email : [email protected]
> Mobile : +94775241823
> Web : http://wso2.com/

--
Maduranga Siriwardena
Senior Software Engineer
WSO2 Inc; http://wso2.com/

Email: [email protected]
Mobile: +94718990591
Blog: https://madurangasiriwardena.wordpress.com/
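Added example (not part of the original thread and not WSO2 Identity Server code): a token-endpoint client-authentication check that maps every failure case named in the quoted RFC 6749 section 5.2 text (unknown client, no client authentication, unsupported method) to "invalid_client". The CLIENTS registry, the realm value, the function names and the 200 stand-in response are assumptions made for the example.

```python
import base64
import hmac
import json
from urllib.parse import parse_qs

CLIENTS = {"demo-client": "demo-secret"}  # constructed registry for the example


def extract_credentials(headers, form):
    """Return (client_id, secret, used_authorization_header)."""
    auth = headers.get("Authorization")
    if auth is not None:
        scheme, _, value = auth.partition(" ")
        if scheme.lower() != "basic":
            return None, None, True  # unsupported authentication scheme
        try:
            decoded = base64.b64decode(value, validate=True).decode("utf-8")
        except ValueError:  # covers bad base64 and bad UTF-8
            return None, None, True
        client_id, sep, secret = decoded.partition(":")
        return (client_id, secret, True) if sep else (None, None, True)
    if "client_id" in form and "client_secret" in form:
        return form["client_id"][0], form["client_secret"][0], False
    return None, None, False  # no client authentication included


def invalid_client(used_header):
    """Build the single standard error for any client-authentication failure."""
    body = json.dumps({"error": "invalid_client",
                       "error_description": "Client authentication failed"})
    headers = {"Content-Type": "application/json", "Cache-Control": "no-store"}
    if used_header:
        # Authorization header was used: 401 plus a challenge is mandatory.
        headers["WWW-Authenticate"] = 'Basic realm="token"'
        return 401, headers, body
    return 400, headers, body  # default error status; 401 is also permitted


def token_endpoint(headers, body):
    """Authenticate the client; grant processing is outside this example."""
    client_id, secret, used_header = extract_credentials(headers, parse_qs(body))
    expected = CLIENTS.get(client_id)
    if expected is None or not hmac.compare_digest(expected.encode(), secret.encode()):
        return invalid_client(used_header)
    # Stand-in for token issuance, which this example does not implement.
    return 200, {"Cache-Control": "no-store"}, json.dumps({"client_id": client_id})
```

Calling token_endpoint with the request from the thread (only grant_type=client_credentials in the body, no Authorization header) returns the invalid_client error rather than a non-standard code.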
