[OLTU-218] [RFC 6750] The resource should respond with 401 when the access token is invalid - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Minor
Resolution: Invalid
Affects Version/s: oauth2-1.0.2
Fix Version/s: None
Component/s: oauth2-resourceserver
Labels:
None

Description

According to RFC 6750 - 3.1. Error Codes, the following error should SHOULD respond with the HTTP 401 (Unauthorized) status code, I think. What do you think?

Request	Response Status Code Actual	Expected	Response Body Actual	Expected
Invalid token	400	401	{"WWW-Authenticate":"Bearer error=\"invalid_token\""}	{"WWW-Authenticate":"Bearer error=\"invalid_token\""}

Thanks

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Keisuke Kato

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 11/Jan/18 10:39

Updated:: 11/Jan/18 12:44

Resolved:: 11/Jan/18 12:44