Hi,

Thank you for the reply.

I have checked it in the identity-inbound-auth-oauth 5.6.x branch, which is used for 5.5.0. The error code was changed from *unsupported_client_authentication_method*, but anyhow it has been changed to *invalid_request*. Shouldn't we need to change the error code to *invalid_client*?

[1] https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/5.6.x/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/AccessTokenIssuer.java#L168-L170

Thanks,
Nila.

On Tue, Feb 6, 2018 at 10:49 PM, Hasintha Indrajee <[email protected]> wrote:

> On Tue, Feb 6, 2018 at 10:32 PM, Maduranga Siriwardena <[email protected]> wrote:
>
>> Hi Nilasini,
>>
>> Yes, unsupported_client_authentication_method is an incorrect error
>> message. So we need to fix this.
>>
>> I think this should be already fixed in IS 5.5.0 branch. *@Hasintha*,
>> can you confirm?
>
> IIRC this is already fixed in 5.5.0-snapshot
>
>> Thanks,
>>
>> On Tue, Feb 6, 2018 at 5:07 PM, Nilasini Thirunavukkarasu <[email protected]> wrote:
>>
>>> Hi,
>>>
>>> In IS-5.4.1 if there is no client authentication in the token request,
>>> we are giving the error code *unsupported_client_authentication_method*.
>>> According to the spec[1], if there is no client authentication or
>>> unsupported client authentication, it will fall under "invalid_client".
>>>
>>>    invalid_client
>>>          Client authentication failed (e.g., unknown client, no
>>>          client authentication included, or unsupported
>>>          authentication method).  The authorization server MAY
>>>          return an HTTP 401 (Unauthorized) status code to indicate
>>>          which HTTP authentication schemes are supported.  If the
>>>          client attempted to authenticate via the "Authorization"
>>>          request header field, the authorization server MUST
>>>          respond with an HTTP 401 (Unauthorized) status code and
>>>          include the "WWW-Authenticate" response header field
>>>          matching the authentication scheme used by the client.
>>>
>>> According to the spec, there is no standard error code like
>>> *unsupported_client_authentication_method*.
>>> Is there any specific reason to introduce a new error code
>>> *unsupported_client_authentication_method* in IS 5.4.1?
>>>
>>> Example:-
>>>
>>> request:-
>>> curl -k -d "grant_type=client_credentials" -H "Content-Type: application/x-www-form-urlencoded" https://localhost:9443/oauth2/token
>>>
>>> response:-
>>> {"error_description":"Unsupported Client Authentication Method!","error":"unsupported_client_authentication_method"}
>>>
>>> Please correct me if I'm wrong.
>>>
>>> [1] https://tools.ietf.org/html/rfc6749#section-5.2
>>>
>>> Thanks,
>>> Nila.
>>>
>>> --
>>> Nilasini Thirunavukkarasu
>>> Software Engineer - WSO2
>>>
>>> Email : [email protected]
>>> Mobile : +94775241823
>>> Web : http://wso2.com/
>>
>> --
>> Maduranga Siriwardena
>> Senior Software Engineer
>> WSO2 Inc; http://wso2.com/
>>
>> Email: [email protected]
>> Mobile: +94718990591
>> Blog: https://madurangasiriwardena.wordpress.com/
>
> --
> Hasintha Indrajee
> WSO2, Inc.
> Mobile: +94 771892453

--
Nilasini Thirunavukkarasu
Software Engineer - WSO2

Email : [email protected]
Mobile : +94775241823
Web : http://wso2.com/
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
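
Added example, not part of the thread and not WSO2 code: a Python check of a token-endpoint error response against the RFC 6749 section 5.2 text quoted in the thread. The function name, the 400 status on the sample responses and the compliant sample are assumptions; the first sample body is the response shown in the thread.

```python
import json

# Error codes RFC 6749 section 5.2 defines for the token endpoint.
RFC6749_TOKEN_ERRORS = {
    "invalid_request", "invalid_client", "invalid_grant",
    "unauthorized_client", "unsupported_grant_type", "invalid_scope",
}

def check_client_auth_failure(auth_header, status, resp_headers, body):
    """List section 5.2 violations in a token response that was sent because
    client authentication was missing, unknown or unsupported.
    auth_header is the request's Authorization header value, or None."""
    problems = []
    error = json.loads(body).get("error")
    if error not in RFC6749_TOKEN_ERRORS:
        problems.append(f"non-standard error code: {error}")
    elif error != "invalid_client":
        problems.append(f"expected invalid_client, got {error}")
    headers = {k.lower(): v for k, v in resp_headers.items()}
    if auth_header is not None:
        # Client used the Authorization header: 401 plus a challenge for
        # the same scheme are both MUSTs.
        scheme = auth_header.strip().split(" ", 1)[0].lower()
        challenge = headers.get("www-authenticate", "").strip()
        if status != 401:
            problems.append(f"status {status}, must be 401")
        if not challenge or challenge.split(" ", 1)[0].lower() != scheme:
            problems.append("WWW-Authenticate missing or wrong scheme")
    elif status not in (400, 401):
        # No Authorization header: 400 is the default, 401 is a MAY.
        problems.append(f"status {status}, expected 400 or 401")
    return problems

# Body as shown in the thread (IS 5.4.1); the 400 status is assumed.
IS_541_BODY = ('{"error_description":"Unsupported Client Authentication Method!",'
               '"error":"unsupported_client_authentication_method"}')

if __name__ == "__main__":
    print(check_client_auth_failure(None, 400, {}, IS_541_BODY))
    print(check_client_auth_failure(None, 400, {}, '{"error":"invalid_request"}'))
    # Constructed compliant response to a failed HTTP Basic attempt.
    print(check_client_auth_failure(
        "Basic Y2xpZW50OmJhZA==", 401,
        {"WWW-Authenticate": 'Basic realm="token"'}, '{"error":"invalid_client"}'))
```
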
