KEYCLOAK-18296 RefreshTokenRequest returns incorrect error code during failed HoK request

Takashi Norimatsu 2021-05-27 17:46:47 +09:00 committed by Marek Posolda
parent c52d0babce
commit 669556af71
2 changed files with 3 additions and 3 deletions


@ -180,7 +180,7 @@ public class HolderOfKeyEnforcerExecutor implements ClientPolicyExecutorProvider
}
if (!MtlsHoKTokenUtil.verifyTokenBindingWithClientCertificate(refreshToken, request, session)) {
throw new ClientPolicyException(Errors.NOT_ALLOWED, MtlsHoKTokenUtil.CERT_VERIFY_ERROR_DESC, Response.Status.UNAUTHORIZED);
throw new ClientPolicyException(OAuthErrorException.INVALID_GRANT, MtlsHoKTokenUtil.CERT_VERIFY_ERROR_DESC, Response.Status.BAD_REQUEST);
}
}
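Review bot: The new `throw` for a failed certificate-binding check on the refresh token carries no comment explaining why it reports `invalid_grant` with 400 instead of the earlier 401, so a later reader could revert it; a line such as `// RFC 6749 section 5.2: a refresh token that fails the holder-of-key binding check is reported as invalid_grant (400)` above it would pin the intent. Since `invalid_grant` is the generic OAuth code for a rejected refresh token, a binding mismatch is now distinguishable to the caller only through `MtlsHoKTokenUtil.CERT_VERIFY_ERROR_DESC`. A mismatch can indicate a refresh token presented with a different client certificate than the one it was bound to, so it is worth confirming that the error event or log recorded for this path still names the binding failure as the reason; that recording is not visible in this hunk. The enclosing method starts and ends outside the hunk.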


@ -2226,8 +2226,8 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
} catch (IOException ioe) {
throw new RuntimeException(ioe);
}
assertEquals(401, accessTokenResponseRefreshed.getStatusCode());
assertEquals(Errors.NOT_ALLOWED, accessTokenResponseRefreshed.getError());
assertEquals(400, accessTokenResponseRefreshed.getStatusCode());
assertEquals(OAuthErrorException.INVALID_GRANT, accessTokenResponseRefreshed.getError());
// Check token revoke with other certificate
try (CloseableHttpClient client = MutualTLSUtils.newCloseableHttpClientWithOtherKeyStoreAndTrustStore()) {