[SECOAUTH-314] Authorization Code error response slightly off spec - Spring JIRA

Details

Type: Defect
Status: Resolved
Priority: Minor
Resolution: Complete
Affects Version/s: 1.0.0.RC1
Fix Version/s: 1.0.0
Component/s: OAuth 2
Labels:
- oauth2

Description

When attempting to access ${APP_ROOT}/${AUTH_ENDPOINT_URL} without providing any parameters, e.g., http://localhost:8080/sparklr2/oauth/authorize, one receives a 405 error response stating "Request method 'GET' not supported" with an Allow header of POST only.

However, the spec seems to indicate otherwise: http://tools.ietf.org/html/draft-ietf-oauth-v2-31#section-4.1.2.1

"If the resource owner denies the access request or if the request fails for reasons other than a missing or invalid redirection URI, the authorization server informs the client by adding the following parameters to the query component of the redirection URI using the "application/x-www-form-urlencoded" format, per Appendix B:

error
REQUIRED. A single ASCII [USASCII] error code from the
following:
invalid_request
The request is missing a required parameter, includes an
invalid parameter value, includes a parameter more than
once, or is otherwise malformed.
"

Compare the response of:
http://localhost:8080/sparklr2/oauth/authorize

to:
http://localhost:8080/sparklr2/oauth/authorize?response_type=foo
http://localhost:8080/sparklr2/oauth/authorize?response_type=code
http://localhost:8080/sparklr2/oauth/authorize?response_type=code&client_id=foo
http://localhost:8080/sparklr2/oauth/authorize?response_type=code&client_id=tonr

for further illustration.

Attachments

Activity

People

Assignee:

Dave Syer

Reporter:

John Rodriguez

Votes:

0 Vote for this issue

Watchers:

2 Start watching this issue

Dates

Created:

10/Aug/12 12:37 AM

Updated:

29/Aug/12 1:22 AM

Resolved:

29/Aug/12 1:22 AM