FAPI 2.0 security profile - Reject Implicit Grant executor does not return an appropriate error
Closes #20622
This commit is contained in:
parent
0832992e59
commit
6b42c2b4d0
2 changed files with 5 additions and 5 deletions
|
@ -108,7 +108,7 @@ public class RejectImplicitGrantExecutor implements ClientPolicyExecutorProvider
|
||||||
// Before client policies operation, Authorization Endpoint logic has already checked whether implicit/hybrid flow is activated for a client.
|
// Before client policies operation, Authorization Endpoint logic has already checked whether implicit/hybrid flow is activated for a client.
|
||||||
// This method rejects implicit grant regardless of client setting for allowing implicit grant.
|
// This method rejects implicit grant regardless of client setting for allowing implicit grant.
|
||||||
if (parsedResponseType.isImplicitOrHybridFlow()) {
|
if (parsedResponseType.isImplicitOrHybridFlow()) {
|
||||||
throw new ClientPolicyException(OAuthErrorException.INVALID_GRANT, "Implicit/Hybrid flow is prohibited.");
|
throw new ClientPolicyException(OAuthErrorException.INVALID_REQUEST, "Implicit/Hybrid flow is prohibited.");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
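Review bot: The new `INVALID_REQUEST` on the throw line is the right error family, because this executor runs at the authorization endpoint, where RFC 6749 §4.1.2.1 and §4.2.2.1 do not define `invalid_grant` (that code belongs to the token endpoint, §5.2), but the code does not record that reason and the two comments above only explain that the check ignores the client setting. Consider adding a comment before the `throw`, such as `// invalid_grant is a token-endpoint error (RFC 6749 §5.2); the authorization endpoint must answer with one of its own codes (§4.1.2.1), hence invalid_request.` The more specific authorization-endpoint code `unsupported_response_type` also exists; whether FAPI 2.0 conformance expects it rather than `invalid_request` cannot be judged from this page and is worth confirming against the profile text. The enclosing method begins outside the hunk.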
@ -1196,16 +1196,16 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
|
||||||
oauth.clientId(clientId);
|
oauth.clientId(clientId);
|
||||||
|
|
||||||
// implicit grant
|
// implicit grant
|
||||||
testProhibitedImplicitOrHybridFlow(false, OIDCResponseType.TOKEN, null, OAuthErrorException.INVALID_GRANT, expectedErrorDescription);
|
testProhibitedImplicitOrHybridFlow(false, OIDCResponseType.TOKEN, null, OAuthErrorException.INVALID_REQUEST, expectedErrorDescription);
|
||||||
|
|
||||||
// hybrid grant
|
// hybrid grant
|
||||||
testProhibitedImplicitOrHybridFlow(true, OIDCResponseType.TOKEN + " " + OIDCResponseType.ID_TOKEN, "exsefweag", OAuthErrorException.INVALID_GRANT, expectedErrorDescription);
|
testProhibitedImplicitOrHybridFlow(true, OIDCResponseType.TOKEN + " " + OIDCResponseType.ID_TOKEN, "exsefweag", OAuthErrorException.INVALID_REQUEST, expectedErrorDescription);
|
||||||
|
|
||||||
// hybrid grant
|
// hybrid grant
|
||||||
testProhibitedImplicitOrHybridFlow(true, OIDCResponseType.TOKEN + " " + OIDCResponseType.CODE, "exsefweag", OAuthErrorException.INVALID_GRANT, expectedErrorDescription);
|
testProhibitedImplicitOrHybridFlow(true, OIDCResponseType.TOKEN + " " + OIDCResponseType.CODE, "exsefweag", OAuthErrorException.INVALID_REQUEST, expectedErrorDescription);
|
||||||
|
|
||||||
// hybrid grant
|
// hybrid grant
|
||||||
testProhibitedImplicitOrHybridFlow(true, OIDCResponseType.TOKEN + " " + OIDCResponseType.CODE + " " + OIDCResponseType.ID_TOKEN, "exsefweag", OAuthErrorException.INVALID_GRANT, expectedErrorDescription);
|
testProhibitedImplicitOrHybridFlow(true, OIDCResponseType.TOKEN + " " + OIDCResponseType.CODE + " " + OIDCResponseType.ID_TOKEN, "exsefweag", OAuthErrorException.INVALID_REQUEST, expectedErrorDescription);
|
||||||
|
|
||||||
} finally {
|
} finally {
|
||||||
// revert test client instance settings the same as OAuthClient.init
|
// revert test client instance settings the same as OAuthClient.init
|
||||||
|
|
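Review bot: The three `// hybrid grant` comments before the token+id_token, token+code and token+code+id_token calls are identical, so a failing assertion cannot be located from the comment alone; label each with its response_type, e.g. `// hybrid grant: token id_token`, `// hybrid grant: token code`, `// hybrid grant: token code id_token`. The updated expected code `INVALID_REQUEST` in these four calls matches the executor change in this commit. The enclosing test method starts and ends outside the hunk.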