On Tue, Feb 6, 2018 at 10:32 PM, Maduranga Siriwardena <[email protected]> wrote:
> Hi Nilasini,
>
> Yes, unsupported_client_authentication_method is an incorrect error
> message. So we need to fix this.
>
> I think this should be already fixed in IS 5.5.0 branch. *@Hasintha*, can
> you confirm?
>

IIRC this is already fixed in 5.5.0-snapshot

>
> Thanks,
>
> On Tue, Feb 6, 2018 at 5:07 PM, Nilasini Thirunavukkarasu <
> [email protected]> wrote:
>
>> Hi,
>>
>> In IS-5.4.1 if there is no client authentication in the token request, we
>> are giving the error code *unsupported_client_authentication_method*.
>> According to the spec[1], if there is no client authentication or
>> unsupported client authentication, it will fall under "invalid_client".
>>
>>    invalid_client
>>          Client authentication failed (e.g., unknown client, no
>>          client authentication included, or unsupported
>>          authentication method).  The authorization server MAY
>>          return an HTTP 401 (Unauthorized) status code to indicate
>>          which HTTP authentication schemes are supported.  If the
>>          client attempted to authenticate via the "Authorization"
>>          request header field, the authorization server MUST
>>          respond with an HTTP 401 (Unauthorized) status code and
>>          include the "WWW-Authenticate" response header field
>>          matching the authentication scheme used by the client.
>>
>> According to the spec, there is no standard error code like
>> *unsupported_client_authentication_method*.
>> Is there any specific reason to introduce a new error code
>> *unsupported_client_authentication_method* in IS5.4.1?
>>
>> Example:-
>>
>> request:-
>> curl -k -d "grant_type=client_credentials" -H "Content-Type:application/x-www-form-urlencoded" https://localhost:9443/oauth2/token
>>
>> response:-
>> {"error_description":"Unsupported Client Authentication Method!","error":"unsupported_client_authentication_method"}
>>
>> Please correct me if I'm wrong.
>>
>> [1] https://tools.ietf.org/html/rfc6749#section-5.2
>>
>>
>> Thanks,
>> Nila.
>>
>> --
>> Nilasini Thirunavukkarasu
>> Software Engineer - WSO2
>>
>> Email : [email protected]
>> Mobile : +94775241823
>> Web : http://wso2.com/
>>
>
> --
> Maduranga Siriwardena
> Senior Software Engineer
> WSO2 Inc; http://wso2.com/
>
> Email: [email protected]
> Mobile: +94718990591
> Blog: https://madurangasiriwardena.wordpress.com/
>

--
Hasintha Indrajee
WSO2, Inc.
Mobile:+94 771892453
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
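Added example, not part of the thread and not WSO2 Identity Server code: a minimal Python sketch of the RFC 6749 section 5.2 behaviour discussed above, where missing, failed and unsupported client authentication all map to `invalid_client`. The names `CLIENTS`, `REALM` and `check_client_auth` are hypothetical, the credentials are constructed, and the sketch supports only HTTP Basic and form-body credentials.

```python
import base64
import binascii
import hmac
import json

# Constructed client registry for this example (hypothetical values).
CLIENTS = {"demo-client": "demo-secret"}
REALM = "token-endpoint"  # hypothetical realm name

def _invalid_client(description, challenge=False):
    """Build (status, headers, body) for an RFC 6749 section 5.2 error."""
    headers = {"Content-Type": "application/json", "Cache-Control": "no-store"}
    status = 400  # default status for token endpoint errors
    if challenge:
        # Client used the Authorization header: 401 + WWW-Authenticate is a MUST.
        status = 401
        headers["WWW-Authenticate"] = f'Basic realm="{REALM}"'
    body = json.dumps({"error": "invalid_client", "error_description": description})
    return status, headers, body

def _secret_ok(client_id, secret):
    """Constant-time comparison against the registered secret."""
    expected = CLIENTS.get(client_id)
    if expected is None or secret is None:
        return False
    return hmac.compare_digest(expected.encode(), secret.encode())

def check_client_auth(headers, form):
    """Return None when the client authenticates, else an error response."""
    auth = headers.get("Authorization")
    if auth is not None:
        scheme, _, value = auth.partition(" ")
        if scheme.lower() != "basic":
            # An unsupported method is still invalid_client; this sketch
            # advertises Basic, the only header scheme it supports.
            return _invalid_client("Unsupported client authentication method", True)
        try:
            decoded = base64.b64decode(value, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            return _invalid_client("Malformed Basic credentials", True)
        client_id, _, secret = decoded.partition(":")
        if _secret_ok(client_id, secret):
            return None
        return _invalid_client("Client authentication failed", True)
    if "client_id" not in form and "client_secret" not in form:
        # The request from the thread: grant_type only, no credentials.
        return _invalid_client("No client authentication included")
    if _secret_ok(form.get("client_id"), form.get("client_secret")):
        return None
    return _invalid_client("Client authentication failed")
```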
