KEYCLOAK-18296 RefreshTokenRequest returns incorrect error code during failed HoK request
parent
c52d0babce
commit
669556af71
2 changed files with 3 additions and 3 deletions
|
@ -180,7 +180,7 @@ public class HolderOfKeyEnforcerExecutor implements ClientPolicyExecutorProvider
|
|||
}
|
||||
|
||||
if (!MtlsHoKTokenUtil.verifyTokenBindingWithClientCertificate(refreshToken, request, session)) {
|
||||
throw new ClientPolicyException(Errors.NOT_ALLOWED, MtlsHoKTokenUtil.CERT_VERIFY_ERROR_DESC, Response.Status.UNAUTHORIZED);
|
||||
throw new ClientPolicyException(OAuthErrorException.INVALID_GRANT, MtlsHoKTokenUtil.CERT_VERIFY_ERROR_DESC, Response.Status.BAD_REQUEST);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
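Review bot: The new `throw` in the refresh-token branch has no comment explaining why a certificate-binding mismatch is now reported as `invalid_grant` with HTTP 400 instead of 401. I would add `// RFC 6749 section 5.2: a refresh token that fails the holder-of-key binding check is an invalid grant (HTTP 400)` directly above it. Expired or revoked refresh tokens are normally reported as `invalid_grant` too, so on this line only `MtlsHoKTokenUtil.CERT_VERIFY_ERROR_DESC` still marks a binding failure. It is worth confirming that the event or log record written by the caller (not visible here) keeps that description, because a refresh token presented with a different client certificate is a condition operators will want to alert on. The enclosing method starts and ends outside the hunk.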
@ -2226,8 +2226,8 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
|
|||
} catch (IOException ioe) {
|
||||
throw new RuntimeException(ioe);
|
||||
}
|
||||
assertEquals(401, accessTokenResponseRefreshed.getStatusCode());
|
||||
assertEquals(Errors.NOT_ALLOWED, accessTokenResponseRefreshed.getError());
|
||||
assertEquals(400, accessTokenResponseRefreshed.getStatusCode());
|
||||
assertEquals(OAuthErrorException.INVALID_GRANT, accessTokenResponseRefreshed.getError());
|
||||
|
||||
// Check token revoke with other certificate
|
||||
try (CloseableHttpClient client = MutualTLSUtils.newCloseableHttpClientWithOtherKeyStoreAndTrustStore()) {
|
||||
|
|
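Review bot: The two updated assertions check only the 400 status and the `invalid_grant` code. The token endpoint presumably returns the same pair for an expired or otherwise invalid refresh token, so the test would still pass if the refresh were rejected for a reason unrelated to the certificate mismatch. Adding `assertEquals(MtlsHoKTokenUtil.CERT_VERIFY_ERROR_DESC, accessTokenResponseRefreshed.getErrorDescription());` after them would pin the holder-of-key failure specifically. The test method starts and ends outside the hunk, so this page cannot confirm whether `MtlsHoKTokenUtil` is already imported in the test class.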