[SHINDIG-1786] Utilizing an OAuth2 refresh token to obtain an access token should handle a 400 response - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 2.5.0-beta2
Fix Version/s: 2.5.0-beta3
Component/s: Java
Labels:
- OAuth2

Description

In the newest version of the OAuth2 spec, the language around the behavior for failure when using a refresh token has been made more explicit.

See: http://tools.ietf.org/html/draft-ietf-oauth-v2-26#section-6
Also see: http://tools.ietf.org/html/draft-ietf-oauth-v2-26#section-5.2

Currently in BasicOAuth2Request we only check for a 401 response to indicate that the refresh token is "bad" and should be discarded. The updated spec language indicates that a 400 is also a valid response to indicate a bad refresh token.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

refresh_token.patch
01/Jun/12 13:57
0.8 kB
Adam Clarke

Activity

People

Assignee:: Stanton Sievers

Reporter:: Stanton Sievers

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 01/Jun/12 13:44

Updated:: 26/Jun/12 13:29

Resolved:: 18/Jun/12 20:10