Details
- Type: Improvement
- Status: Resolved
- Priority: Minor
- Resolution: Fixed
Description
The default failure handler for Bearer Token authentication returns the WWW-Authenticate HTTP response header for invalid tokens, but does not include any response body. When the user interface provides the Bearer Token in a Cookie header, the failure handler does not remove the cookie. This behavior should be updated to return the error parameters in the response body and return a Set-Cookie header that instructs the browser to remove the cookie.
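The requested behavior can be expressed as a response check. The following is an added example, not NiFi's code: it builds a failure response of the kind described and audits a response for the challenge header, the error parameters in the body, and the cookie removal. The cookie name `example-bearer`, the JSON body format, and all function names are assumptions.

```python
import json
import re

COOKIE = "example-bearer"  # hypothetical cookie name; the issue does not name it

def build_failure(error, description, cookie_path="/"):
    """Build (status, headers, body) for a rejected Bearer Token."""
    # RFC 6750 section 3 forbids '"', '\' and non-printable ASCII in these values.
    desc = re.sub(r'[^\x20-\x21\x23-\x5B\x5D-\x7E]', "", description)
    headers = [
        ("WWW-Authenticate", f'Bearer error="{error}", error_description="{desc}"'),
        # Empty value plus Max-Age=0 deletes the cookie; Path must match the original cookie.
        ("Set-Cookie", f"{COOKIE}=; Path={cookie_path}; Max-Age=0; Secure; HttpOnly; SameSite=Strict"),
        ("Content-Type", "application/json"),  # body format is an assumption
    ]
    return 401, headers, json.dumps({"error": error, "error_description": desc})

def removes_cookie(set_cookie, name):
    """True if a Set-Cookie value expires the named cookie (Max-Age only; Expires is not parsed)."""
    pair, *attrs = [p.strip() for p in set_cookie.split(";")]
    key, _, value = pair.partition("=")
    parsed = {k.strip().lower(): v.strip() for k, _, v in (a.partition("=") for a in attrs)}
    max_age = parsed.get("max-age", "")
    return (key == name and value == ""
            and re.fullmatch(r"-?\d+", max_age) is not None and int(max_age) <= 0)

def audit(status, headers, body, name=COOKIE):
    """Return findings; an empty list means the response matches the updated behavior."""
    findings = []
    challenges = [v for k, v in headers if k.lower() == "www-authenticate"]
    cookies = [v for k, v in headers if k.lower() == "set-cookie"]
    if status != 401 or not any(v.startswith("Bearer") for v in challenges):
        findings.append("missing 401 Bearer challenge")
    try:
        data = json.loads(body)
        if not isinstance(data, dict) or "error" not in data:
            findings.append("body lacks error parameter")
    except ValueError:
        findings.append("no error parameters in response body")
    if not any(removes_cookie(v, name) for v in cookies):
        findings.append("cookie not removed")
    return findings

# Constructed sample of the original behavior: challenge header only, no body, no Set-Cookie.
BEFORE = (401, [("WWW-Authenticate", 'Bearer error="invalid_token"')], "")

if __name__ == "__main__":
    print("before:", audit(*BEFORE))
    print("after: ", audit(*build_failure("invalid_token", 'Token "expired"')))
```

A browser only deletes a cookie when the removal header carries the same name, path and domain scope as the cookie that was set, so the `Path` passed to `build_failure` has to match the original.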
Issue Links
- is related to
  - NIFI-10216 Refactor Deprecated Usage of WebSecurityConfigurerAdapter (Resolved)
- relates to
  - NIFI-10313 Unexpected "Access Token not found" (Resolved)
  - NIFI-10322 invalid_token error after OpenID connect session timeout (Resolved)
- links to