[
https://issues.apache.org/jira/browse/CXF-4427?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sergey Beryozkin resolved CXF-4427.
-----------------------------------
Resolution: Fixed
Fix Version/s: 2.7.0
2.6.2
Assignee: Sergey Beryozkin
> Error details are discarded and never sent to the client
> --------------------------------------------------------
>
> Key: CXF-4427
> URL: https://issues.apache.org/jira/browse/CXF-4427
> Project: CXF
> Issue Type: Bug
> Components: JAX-RS Security
> Affects Versions: 2.7.0
> Reporter: Jordi Torrente
> Assignee: Sergey Beryozkin
> Labels: oauth2
> Fix For: 2.6.2, 2.7.0
>
>
> Current AccessTokenService implementation catches all OAuthServiceExceptions
> and returns a generic error response discarding all the exception details:
> ServerAccessToken serverToken = null;
> try {
> serverToken = handler.createAccessToken(client, params);
> } catch (OAuthServiceException ex) {
> // the error response is to be returned next
> }
> if (serverToken == null) {
> return createErrorResponse(params, OAuthConstants.INVALID_GRANT);
> }
> I think it would be more useful to create the OAuthError object to return
> using the exception's message, in order to receive the error code/details at
> the client layer
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
