KEYCLOAK-12150 change error response from invalid_request to unsupported_grant_type

2019-11-20 16:19:52 +09:00 · 2019-11-20 16:19:52 +09:00 · 0a9d058b81
commit 0a9d058b81
parent a36cfee84b
2 changed files with 30 additions and 1 deletions
--- a/services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenEndpoint.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenEndpoint.java
@ -266,7 +266,8 @@ public class TokenEndpoint {
            event.event(EventType.PERMISSION_TOKEN);
            action = Action.PERMISSION;
        } else {
-            throw new CorsErrorResponseException(cors, Errors.INVALID_REQUEST, "Invalid " + OIDCLoginProtocol.GRANT_TYPE_PARAM, Response.Status.BAD_REQUEST);
+            throw new CorsErrorResponseException(cors, OAuthErrorException.UNSUPPORTED_GRANT_TYPE,
+                "Unsupported " + OIDCLoginProtocol.GRANT_TYPE_PARAM, Response.Status.BAD_REQUEST);
        }

        event.detail(Details.GRANT_TYPE, grantType);
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ResourceOwnerPasswordCredentialsGrantTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ResourceOwnerPasswordCredentialsGrantTest.java
@ -18,9 +18,12 @@
 package org.keycloak.testsuite.oauth;

 import org.apache.http.HttpResponse;
+import org.apache.http.NameValuePair;
+import org.apache.http.client.entity.UrlEncodedFormEntity;
 import org.apache.http.client.methods.HttpPost;
 import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.impl.client.HttpClientBuilder;
+import org.apache.http.message.BasicNameValuePair;
 import org.junit.Rule;
 import org.junit.Test;
 import org.keycloak.OAuth2Constants;
@ -53,6 +56,8 @@ import org.keycloak.testsuite.util.TokenSignatureUtil;
 import org.keycloak.testsuite.util.UserBuilder;
 import org.keycloak.testsuite.util.UserManager;

+import java.io.UnsupportedEncodingException;
+import java.util.LinkedList;
 import java.util.List;

 import static org.junit.Assert.assertEquals;
@ -587,4 +592,27 @@ public class ResourceOwnerPasswordCredentialsGrantTest extends AbstractKeycloakT
        }
    }

+    @Test
+    public void grantAccessTokenUnsupportedGrantType() throws Exception {
+        oauth.clientId("resource-owner");
+
+        try (CloseableHttpClient client = HttpClientBuilder.create().build()) {
+            HttpPost post = new HttpPost(oauth.getResourceOwnerPasswordCredentialGrantUrl());
+            List<NameValuePair> parameters = new LinkedList<>();
+            parameters.add(new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, "unsupported_grant_type"));
+            UrlEncodedFormEntity formEntity;
+            try {
+                formEntity = new UrlEncodedFormEntity(parameters, "UTF-8");
+            } catch (UnsupportedEncodingException e) {
+                throw new RuntimeException(e);
+            }
+            post.setEntity(formEntity);
+            OAuthClient.AccessTokenResponse response = new OAuthClient.AccessTokenResponse(client.execute(post));
+
+            assertEquals(400, response.getStatusCode());
+
+            assertEquals(OAuthErrorException.UNSUPPORTED_GRANT_TYPE, response.getError());
+            assertEquals("Unsupported grant_type", response.getErrorDescription());
+        }
+    }
 }