diff --git a/services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenEndpoint.java b/services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenEndpoint.java
index 4505c9fb51..adb73ff47a 100644
--- a/services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenEndpoint.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenEndpoint.java
@@ -266,7 +266,8 @@ public class TokenEndpoint {
 event.event(EventType.PERMISSION_TOKEN);
 action = Action.PERMISSION;
 } else {
- throw new CorsErrorResponseException(cors, Errors.INVALID_REQUEST, "Invalid " + OIDCLoginProtocol.GRANT_TYPE_PARAM, Response.Status.BAD_REQUEST);
+ throw new CorsErrorResponseException(cors, OAuthErrorException.UNSUPPORTED_GRANT_TYPE,
+ "Unsupported " + OIDCLoginProtocol.GRANT_TYPE_PARAM, Response.Status.BAD_REQUEST);
 }
 
 event.detail(Details.GRANT_TYPE, grantType);
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ResourceOwnerPasswordCredentialsGrantTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ResourceOwnerPasswordCredentialsGrantTest.java
index 8f5f9905bc..b9c56916d2 100755
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ResourceOwnerPasswordCredentialsGrantTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ResourceOwnerPasswordCredentialsGrantTest.java
@@ -18,9 +18,12 @@ package org.keycloak.testsuite.oauth;
 import org.apache.http.HttpResponse;
+import org.apache.http.NameValuePair;
+import org.apache.http.client.entity.UrlEncodedFormEntity;
 import org.apache.http.client.methods.HttpPost;
 import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.impl.client.HttpClientBuilder;
+import org.apache.http.message.BasicNameValuePair;
 import org.junit.Rule;
 import org.junit.Test;
 import org.keycloak.OAuth2Constants;
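Review bot: The new `throw` in the `else` branch changes the wire-level error to `unsupported_grant_type`, which matches RFC 6749 §5.2 for this case, but nothing in the hunk records the failure on `event` before the exception leaves the method. If no `event.error(...)` precedes the throw elsewhere in the method (not visible here), a client probing unsupported grant types leaves no trace in the Keycloak event log, which is the place an operator would look for that behaviour. Consider adding `event.error(Errors.INVALID_REQUEST);` (or a more specific `Errors` constant if one exists) on the line before the `throw`, mirroring how the other branches of this method report outcomes. Keeping only the parameter name, not the submitted value, in the error description is the right choice since it avoids reflecting client input. The enclosing method starts and ends outside the hunk.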
@@ -53,6 +56,8 @@ import org.keycloak.testsuite.util.TokenSignatureUtil;
 import org.keycloak.testsuite.util.UserBuilder;
 import org.keycloak.testsuite.util.UserManager;
 
+import java.io.UnsupportedEncodingException;
+import java.util.LinkedList;
 import java.util.List;
 
 import static org.junit.Assert.assertEquals;
@@ -587,4 +592,27 @@ public class ResourceOwnerPasswordCredentialsGrantTest extends AbstractKeycloakT
 }
 }
 
+ @Test
+ public void grantAccessTokenUnsupportedGrantType() throws Exception {
+ oauth.clientId("resource-owner");
+
+ try (CloseableHttpClient client = HttpClientBuilder.create().build()) {
+ HttpPost post = new HttpPost(oauth.getResourceOwnerPasswordCredentialGrantUrl());
+ List parameters = new LinkedList<>();
+ parameters.add(new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, "unsupported_grant_type"));
+ UrlEncodedFormEntity formEntity;
+ try {
+ formEntity = new UrlEncodedFormEntity(parameters, "UTF-8");
+ } catch (UnsupportedEncodingException e) {
+ throw new RuntimeException(e);
+ }
+ post.setEntity(formEntity);
+ OAuthClient.AccessTokenResponse response = new OAuthClient.AccessTokenResponse(client.execute(post));
+
+ assertEquals(400, response.getStatusCode());
+
+ assertEquals(OAuthErrorException.UNSUPPORTED_GRANT_TYPE, response.getError());
+ assertEquals("Unsupported grant_type", response.getErrorDescription());
+ }
+ }
 }
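Review bot: `List parameters = new LinkedList<>();` in grantAccessTokenUnsupportedGrantType is a raw type, so the `NameValuePair` import added in the first hunk of this file is never used and the compiler emits an unchecked warning on the `add` call; `List<NameValuePair> parameters = new ArrayList<>();` fixes both (ArrayList is the conventional choice here, LinkedList gains nothing for a one-element list). The `try`/`catch` around the entity construction is also unnecessary in a test method that already declares `throws Exception`, and wrapping `UnsupportedEncodingException` in a `RuntimeException` only hides the original type; `UrlEncodedFormEntity formEntity = new UrlEncodedFormEntity(parameters, StandardCharsets.UTF_8);` uses the `Charset` overload, throws nothing checked, and lets the `java.io.UnsupportedEncodingException` and `LinkedList` imports added in the preceding hunk be dropped in favour of `java.nio.charset.StandardCharsets`. A short Javadoc on the method, such as `/** An unknown grant_type must yield 400 with the RFC 6749 error code unsupported_grant_type, not invalid_request. */`, would record why the exact error code is asserted.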