Details
Description
When attempting to access ${APP_ROOT}/${AUTH_ENDPOINT_URL} without providing any parameters, e.g., http://localhost:8080/sparklr2/oauth/authorize, one receives a 405 error response stating "Request method 'GET' not supported" with an Allow header of POST only.
However, the spec seems to indicate otherwise: http://tools.ietf.org/html/draft-ietf-oauth-v2-31#section-4.1.2.1
"If the resource owner denies the access request or if the request fails for reasons other than a missing or invalid redirection URI, the authorization server informs the client by adding the following parameters to the query component of the redirection URI using the "application/x-www-form-urlencoded" format, per Appendix B:
error
REQUIRED. A single ASCII [USASCII] error code from the
following:
invalid_request
The request is missing a required parameter, includes an
invalid parameter value, includes a parameter more than
once, or is otherwise malformed.
"
Compare the response of:
http://localhost:8080/sparklr2/oauth/authorize
to:
http://localhost:8080/sparklr2/oauth/authorize?response_type=foo
http://localhost:8080/sparklr2/oauth/authorize?response_type=code
http://localhost:8080/sparklr2/oauth/authorize?response_type=code&client_id=foo
http://localhost:8080/sparklr2/oauth/authorize?response_type=code&client_id=tonr
for further illustration.