[ https://issues.apache.org/jira/browse/CXF-4428?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13417197#comment-13417197 ]
Sergey Beryozkin commented on CXF-4428:
---------------------------------------
I've updated the code to optionally report the error messages for all the
exceptions, including OAuthServiceException; the services can get a
'reportFailureDetails' property set to true if the extra info is required. This
is consistent with the way extra error details are managed in the OAuth 2.0
module. The default code is now 400, and 401 is reported if no client is found
- as advised by the 1.0 spec - this is also quite consistent with the 2.0 spec
(see the invalid_client error condition). The 1.0 spec says 401 'SHOULD' be
reported for a few extra cases, but I'll get it reported only in the case where
the client is not available to keep it more in line with the 2.0 spec.
> [OAuth1.0] allow to set response codes when throwing exception from
> OAuthDataProvider implementation.
> -----------------------------------------------------------------------------------------------------
>
> Key: CXF-4428
> URL: https://issues.apache.org/jira/browse/CXF-4428
> Project: CXF
> Issue Type: Wish
> Components: JAX-RS Security
> Affects Versions: 2.6.1
> Reporter: Evgeni Kisel
>
> Currently the OAuthDataProvider interface supports throwing OAuthServiceException.
> But handlers (request token, authorize, access token) catch this exception
> and always return response status 500.
> I think it will be better to allow setting custom response statuses and add
> proper handling for this exception type.