On Tue, Feb 6, 2018 at 11:43 PM, Nilasini Thirunavukkarasu <[email protected]> wrote:

> Hi,
>
> Thank you for the reply.
>
> I have checked it in the identity-inbound-auth-oauth 5.6.x branch, which is
> used for 5.5.0. The error code was changed from
> *unsupported_client_authentication_method*, but it has been changed to
> *invalid_request*. Shouldn't we change the error code to *invalid_client*?

+1. Let's do this change.

> [1] https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/5.6.x/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/AccessTokenIssuer.java#L168-L170
>
> Thanks,
> Nila.
>
> On Tue, Feb 6, 2018 at 10:49 PM, Hasintha Indrajee <[email protected]> wrote:
>
>> On Tue, Feb 6, 2018 at 10:32 PM, Maduranga Siriwardena <[email protected]> wrote:
>>
>>> Hi Nilasini,
>>>
>>> Yes, unsupported_client_authentication_method is an incorrect error
>>> message. So we need to fix this.
>>>
>>> I think this should be already fixed in the IS 5.5.0 branch. *@Hasintha*,
>>> can you confirm?
>>
>> IIRC this is already fixed in 5.5.0-snapshot.
>>
>>> Thanks,
>>>
>>> On Tue, Feb 6, 2018 at 5:07 PM, Nilasini Thirunavukkarasu <[email protected]> wrote:
>>>
>>>> Hi,
>>>>
>>>> In IS 5.4.1, if there is no client authentication in the token request,
>>>> we are giving the error code *unsupported_client_authentication_method*.
>>>> According to the spec [1], if there is no client authentication or
>>>> unsupported client authentication, it will fall under "invalid_client".
>>>>
>>>>     invalid_client
>>>>         Client authentication failed (e.g., unknown client, no
>>>>         client authentication included, or unsupported
>>>>         authentication method). The authorization server MAY
>>>>         return an HTTP 401 (Unauthorized) status code to indicate
>>>>         which HTTP authentication schemes are supported. If the
>>>>         client attempted to authenticate via the "Authorization"
>>>>         request header field, the authorization server MUST
>>>>         respond with an HTTP 401 (Unauthorized) status code and
>>>>         include the "WWW-Authenticate" response header field
>>>>         matching the authentication scheme used by the client.
>>>>
>>>> According to the spec, there is no standard error code like
>>>> *unsupported_client_authentication_method*. Is there any specific reason
>>>> to introduce a new error code *unsupported_client_authentication_method*
>>>> in IS 5.4.1?
>>>>
>>>> Example:
>>>>
>>>> request:
>>>> curl -k -d "grant_type=client_credentials" -H "Content-Type:application/x-www-form-urlencoded" https://localhost:9443/oauth2/token
>>>>
>>>> response:
>>>> {"error_description":"Unsupported Client Authentication Method!","error":"unsupported_client_authentication_method"}
>>>>
>>>> Please correct me if I'm wrong.
>>>>
>>>> [1] https://tools.ietf.org/html/rfc6749#section-5.2
>>>>
>>>> Thanks,
>>>> Nila.
>>>>
>>>> --
>>>> Nilasini Thirunavukkarasu
>>>> Software Engineer - WSO2
>>>> Email : [email protected]
>>>> Mobile : +94775241823
>>>> Web : http://wso2.com/
>>>
>>> --
>>> Maduranga Siriwardena
>>> Senior Software Engineer
>>> WSO2 Inc; http://wso2.com/
>>> Email: [email protected]
>>> Mobile: +94718990591
>>> Blog: https://madurangasiriwardena.wordpress.com/
>>
>> --
>> Hasintha Indrajee
>> WSO2, Inc.
>> Mobile: +94 771892453
>
> --
> Nilasini Thirunavukkarasu
> Software Engineer - WSO2
> Email : [email protected]
> Mobile : +94775241823
> Web : http://wso2.com/

--
Hasintha Indrajee
WSO2, Inc.
Mobile: +94 771892453
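The thread above argues that a token endpoint should answer a missing or unsupported client authentication with the RFC 6749 section 5.2 error `invalid_client`, and that a 401 with a `WWW-Authenticate` header is mandatory when the client tried the `Authorization` header. The following is an added illustration of that rule, written for this page; it is not WSO2 Identity Server code, and the function names, the single supported `Basic` scheme, the realm string and the `demo-client` registry entry are all constructed for the example.

```python
"""Minimal token-endpoint client-authentication check following RFC 6749 s5.2.

Added example, not WSO2 code. Every client authentication failure (none
included, unsupported scheme, unknown client, wrong secret) maps to the
standard error code "invalid_client"; the spec defines no
"unsupported_client_authentication_method" code.
"""
import base64
import hmac
from dataclasses import dataclass, field

# Client authentication scheme this hypothetical server supports (assumption).
SUPPORTED_SCHEMES = ("Basic",)

# Constructed client registry: client_id -> client_secret (hypothetical values).
CLIENTS = {"demo-client": "demo-secret"}


@dataclass
class TokenResponse:
    status: int
    headers: dict = field(default_factory=dict)
    body: dict = field(default_factory=dict)


def basic_header(client_id: str, client_secret: str) -> str:
    """Build the HTTP Basic Authorization value a client would send (RFC 6749 s2.3.1)."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def _parse_basic(creds: str):
    """Decode Basic credentials into (client_id, secret); None if malformed."""
    try:
        decoded = base64.b64decode(creds, validate=True).decode("utf-8")
        client_id, secret = decoded.split(":", 1)
        return client_id, secret
    except ValueError:  # binascii.Error and UnicodeDecodeError are ValueErrors
        return None


def invalid_client(used_auth_header: bool, description: str) -> TokenResponse:
    """RFC 6749 s5.2 invalid_client response.

    A 401 is always allowed (MAY); when the client used the Authorization
    header it is required (MUST) and WWW-Authenticate must name the scheme.
    """
    headers = {"Content-Type": "application/json", "Cache-Control": "no-store"}
    if used_auth_header:
        headers["WWW-Authenticate"] = 'Basic realm="oauth2-token"'  # realm is assumed
    return TokenResponse(401, headers,
                         {"error": "invalid_client", "error_description": description})


def handle_token_request(headers: dict, form: dict) -> TokenResponse:
    """Authenticate the client first, then look at the grant.

    Body-based client_secret_post authentication is deliberately omitted to
    keep the example to the Authorization-header case the thread discusses.
    """
    auth = headers.get("Authorization")
    # Case 1: no client authentication at all (the curl request in the thread).
    if auth is None:
        return invalid_client(False, "No client authentication included")

    parts = auth.split(None, 1)
    scheme, creds = parts[0], (parts[1] if len(parts) > 1 else "")
    # Case 2: a scheme the server does not support still maps to invalid_client.
    if scheme not in SUPPORTED_SCHEMES:
        return invalid_client(True, f"Unsupported client authentication method: {scheme}")

    parsed = _parse_basic(creds)
    if parsed is None:
        return invalid_client(True, "Malformed client credentials")
    client_id, secret = parsed
    stored = CLIENTS.get(client_id)
    # Case 3: unknown client or wrong secret; constant-time comparison on purpose.
    if stored is None or not hmac.compare_digest(stored.encode(), secret.encode()):
        return invalid_client(True, "Client authentication failed")

    if form.get("grant_type") != "client_credentials":
        return TokenResponse(400, {"Content-Type": "application/json"},
                             {"error": "unsupported_grant_type"})
    # Constructed token for the example; a real server issues a random token.
    return TokenResponse(200,
                         {"Content-Type": "application/json", "Cache-Control": "no-store"},
                         {"access_token": f"token-for-{client_id}", "token_type": "Bearer"})


if __name__ == "__main__":
    # The thread's unauthenticated client_credentials request.
    print(handle_token_request({}, {"grant_type": "client_credentials"}))
    # A client that tried the Authorization header with an unsupported scheme.
    print(handle_token_request({"Authorization": "Bearer abc"},
                               {"grant_type": "client_credentials"}))
```

The point the thread makes is visible in the three failure branches: they differ only in the `error_description` and in whether `WWW-Authenticate` is set, never in the `error` value, which is always the spec's `invalid_client`.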
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
