  1. CXF
  2. CXF-8311

OAuth 2.0: Refresh token redemption unexpectedly fails with invalid_grant error


    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.3.7
    • Fix Version/s: 3.4.0, 3.3.8
    • Component/s: JAX-RS Security
    • Labels:
      None
    • Estimated Complexity:
      Unknown

      Description

      Scenario:

      1. Get access and refresh tokens for a client with fewer scopes than the client allows, e.g. if scopes scope1 and scope2 are registered for the client, the authorization request should contain only scope1 (or only scope2).
      2. Try to redeem the refresh token without providing the scope parameter in the token request.

      The request fails with an invalid_grant error, which is against the OAuth specification.
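
      The scope rule behind this report is RFC 6749 section 6: an omitted scope on a refresh request is treated as equal to the scope originally granted, and a requested scope must not exceed it. The sketch below is an added example, not code from the reporter or from CXF and not the CXF fix; the class, method and exception names are hypothetical.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.Set;

public class RefreshScopeCheck {

    /** Hypothetical exception carrying an OAuth error code for the token response. */
    static class OAuthError extends RuntimeException {
        OAuthError(String code) { super(code); }
    }

    /**
     * Resolve the scopes for a refresh_token grant (RFC 6749 section 6).
     *
     * @param grantedScopes scopes bound to the refresh token when it was issued
     * @param scopeParam    raw "scope" parameter of the token request, null if absent
     */
    static Set<String> resolveScopes(Set<String> grantedScopes, String scopeParam) {
        if (scopeParam == null || scopeParam.trim().isEmpty()) {
            // Omitted scope: treated as equal to the scope originally granted.
            return new LinkedHashSet<>(grantedScopes);
        }
        Set<String> requested =
            new LinkedHashSet<>(Arrays.asList(scopeParam.trim().split("\\s+")));
        if (!grantedScopes.containsAll(requested)) {
            // Asking for more than the original grant is refused (RFC 6749 section 5.2).
            throw new OAuthError("invalid_scope");
        }
        // Same or narrower scope than the original grant is allowed.
        return requested;
    }

    public static void main(String[] args) {
        // Constructed sample matching the scenario: the client is registered with
        // scope1 and scope2, but the authorization request asked for scope1 only.
        Set<String> granted = Collections.singleton("scope1");

        System.out.println("no scope param  -> " + resolveScopes(granted, null));
        System.out.println("scope=scope1    -> " + resolveScopes(granted, "scope1"));
        try {
            resolveScopes(granted, "scope1 scope2");
        } catch (OAuthError e) {
            System.out.println("scope widened   -> error=" + e.getMessage());
        }
    }
}
```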

            People

            • Assignee:
              coheigea Colm O hEigeartaigh
              Reporter:
              romanu Roman Usatenko