  1. Spring Security OAuth
  2. SECOAUTH-314

Authorization Code error response slightly off spec

    Details

    • Type: Defect
    • Status: Resolved
    • Priority: Minor
    • Resolution: Complete
    • Affects Version/s: 1.0.0.RC1
    • Fix Version/s: 1.0.0
    • Component/s: OAuth 2
    • Labels:

      Description

      When attempting to access ${APP_ROOT}/${AUTH_ENDPOINT_URL} without providing any parameters, e.g., http://localhost:8080/sparklr2/oauth/authorize, one receives a 405 error response stating "Request method 'GET' not supported" with an Allow header of POST only.

      However, the spec seems to indicate otherwise: http://tools.ietf.org/html/draft-ietf-oauth-v2-31#section-4.1.2.1

      "If the resource owner denies the access request or if the request fails for reasons other than a missing or invalid redirection URI, the authorization server informs the client by adding the following parameters to the query component of the redirection URI using the "application/x-www-form-urlencoded" format, per Appendix B:

      error
      REQUIRED. A single ASCII [USASCII] error code from the
      following:
      invalid_request
      The request is missing a required parameter, includes an
      invalid parameter value, includes a parameter more than
      once, or is otherwise malformed.
      "

      Compare the response of:
      http://localhost:8080/sparklr2/oauth/authorize

      to:
      http://localhost:8080/sparklr2/oauth/authorize?response_type=foo
      http://localhost:8080/sparklr2/oauth/authorize?response_type=code
      http://localhost:8080/sparklr2/oauth/authorize?response_type=code&client_id=foo
      http://localhost:8080/sparklr2/oauth/authorize?response_type=code&client_id=tonr

      for further illustration.
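How section 4.1.2.1 of the draft sorts the requests listed above, as an added example that is not part of the original report or of Spring Security OAuth: errors are returned on the redirection URI only after the client identifier and redirection URI have been validated, otherwise the error is shown directly and no redirect happens. The client registry, its redirect URI, the function names and the choice to support only `response_type=code` are assumptions made for this sketch.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed registry: "tonr" is the client id from the report; its
# redirect URI is a placeholder invented for this example.
CLIENTS = {"tonr": {"https://client.example/cb"}}

def append_query(uri, extra):
    """Add error parameters to the query component of the redirect URI."""
    parts = urlsplit(uri)
    query = parse_qsl(parts.query, keep_blank_values=True) + extra
    return urlunsplit(parts._replace(query=urlencode(query)))

def classify(request_url, clients=CLIENTS):
    """Return ("direct", reason), ("redirect", location) or ("proceed", None)."""
    pairs = parse_qsl(urlsplit(request_url).query, keep_blank_values=True)
    keys = [k for k, _ in pairs]
    repeated = {k for k in keys if keys.count(k) > 1}
    params = dict(pairs)
    # Missing or invalid client identifier: there is no trusted place to
    # send the user-agent, so the error is shown to the resource owner.
    registered = clients.get(params.get("client_id"))
    if registered is None or "client_id" in repeated:
        return ("direct", "client_id")
    # Missing, invalid or mismatching redirection URI: never redirect to it.
    redirect_uri = params.get("redirect_uri")
    if redirect_uri is None and len(registered) == 1:
        redirect_uri = next(iter(registered))
    if redirect_uri not in registered or "redirect_uri" in repeated:
        return ("direct", "redirect_uri")
    # The redirect URI is now validated; remaining errors go to the client.
    if repeated or "response_type" not in params:
        error = "invalid_request"
    elif params["response_type"] != "code":  # assumption: only "code" supported
        error = "unsupported_response_type"
    else:
        return ("proceed", None)
    extra = [("error", error)]
    if "state" in params:  # state is echoed back when the client sent one
        extra.append(("state", params["state"]))
    return ("redirect", append_query(redirect_uri, extra))
```
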

            People

            • Assignee:
              david_syer Dave Syer
              Reporter:
              jrod John Rodriguez