KEYCLOAK-8573 Invalid client credentials should return Unauthorized status (#6725)

Thomas Darimont
2020-02-05 08:27:15 +01:00
committed by GitHub
parent 038b8fd975
commit 42fdc12bdc
4 changed files with 8 additions and 8 deletions
@@ -121,19 +121,19 @@ public class ClientIdAndSecretAuthenticator extends AbstractClientAuthenticator
}
if (clientSecret == null) {
Response challengeResponse = ClientAuthUtil.errorResponse(Response.Status.BAD_REQUEST.getStatusCode(), "unauthorized_client", "Client secret not provided in request");
Response challengeResponse = ClientAuthUtil.errorResponse(Response.Status.UNAUTHORIZED.getStatusCode(), "unauthorized_client", "Client secret not provided in request");
context.challenge(challengeResponse);
return;
}
if (client.getSecret() == null) {
Response challengeResponse = ClientAuthUtil.errorResponse(Response.Status.BAD_REQUEST.getStatusCode(), "unauthorized_client", "Invalid client secret");
Response challengeResponse = ClientAuthUtil.errorResponse(Response.Status.UNAUTHORIZED.getStatusCode(), "unauthorized_client", "Invalid client secret");
context.failure(AuthenticationFlowError.INVALID_CLIENT_CREDENTIALS, challengeResponse);
return;
}
if (!client.validateSecret(clientSecret)) {
Response challengeResponse = ClientAuthUtil.errorResponse(Response.Status.BAD_REQUEST.getStatusCode(), "unauthorized_client", "Invalid client secret");
Response challengeResponse = ClientAuthUtil.errorResponse(Response.Status.UNAUTHORIZED.getStatusCode(), "unauthorized_client", "Invalid client secret");
context.failure(AuthenticationFlowError.INVALID_CLIENT_CREDENTIALS, challengeResponse);
return;
}
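Review bot: The three changed lines move the status to 401 but keep the error code `unauthorized_client`, whereas RFC 6749 §5.2 defines `invalid_client` for a failed client authentication and reserves `unauthorized_client` for a client that may not use the grant type; if the code is retained for compatibility with existing clients (the test hunks below assert it), a comment such as `// error code kept as unauthorized_client for compatibility; RFC 6749 §5.2 specifies invalid_client here` would stop the next reader from "fixing" it. A 401 also calls for a `WWW-Authenticate` header when the client authenticated via the Authorization header (RFC 6749 §5.2, RFC 7235), and nothing in the hunk adds one; whether ClientAuthUtil.errorResponse supplies it is not visible here. Separately, the `clientSecret == null` branch calls `context.challenge(challengeResponse)` while the two invalid-secret branches call `context.failure(AuthenticationFlowError.INVALID_CLIENT_CREDENTIALS, challengeResponse)`, so a request with no secret may not be recorded as a credential failure for event auditing; that predates this change but is worth aligning. The enclosing method starts and ends outside the hunk.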
@@ -264,7 +264,7 @@ public class AccessTokenTest extends AbstractKeycloakTest {
String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
OAuthClient.AccessTokenResponse response = oauth.doAccessTokenRequest(code, "invalid");
assertEquals(400, response.getStatusCode());
assertEquals(401, response.getStatusCode());
AssertEvents.ExpectedEvent expectedEvent = events.expectCodeToToken(codeId, loginEvent.getSessionId()).error("invalid_client_credentials").clearDetails().user((String) null).session((String) null);
expectedEvent.assertEvent();
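Review bot: This hunk and the next AccessTokenTest hunk (line 279) update only the status assertion, whereas the ResourceOwnerPasswordCredentialsGrantTest and ServiceAccountTest hunks also pin `response.getError()`; adding `assertEquals("unauthorized_client", response.getError());` after each changed status assertion keeps the error-code contract covered on the authorization-code path as well. The enclosing test methods start and end outside the hunks.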
@@ -279,7 +279,7 @@ public class AccessTokenTest extends AbstractKeycloakTest {
String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
OAuthClient.AccessTokenResponse response = oauth.doAccessTokenRequest(code, null);
assertEquals(400, response.getStatusCode());
assertEquals(401, response.getStatusCode());
AssertEvents.ExpectedEvent expectedEvent = events.expectCodeToToken(codeId, loginEvent.getSessionId()).error("invalid_client_credentials").clearDetails().user((String) null).session((String) null);
expectedEvent.assertEvent();
@@ -376,7 +376,7 @@ public class ResourceOwnerPasswordCredentialsGrantTest extends AbstractKeycloakT
OAuthClient.AccessTokenResponse response = oauth.doGrantAccessTokenRequest("invalid", "test-user@localhost", "password");
assertEquals(400, response.getStatusCode());
assertEquals(401, response.getStatusCode());
assertEquals("unauthorized_client", response.getError());
@@ -395,7 +395,7 @@ public class ResourceOwnerPasswordCredentialsGrantTest extends AbstractKeycloakT
OAuthClient.AccessTokenResponse response = oauth.doGrantAccessTokenRequest(null, "test-user@localhost", "password");
assertEquals(400, response.getStatusCode());
assertEquals(401, response.getStatusCode());
assertEquals("unauthorized_client", response.getError());
@@ -192,7 +192,7 @@ public class ServiceAccountTest extends AbstractKeycloakTest {
OAuthClient.AccessTokenResponse response = oauth.doClientCredentialsGrantAccessTokenRequest("secret2");
assertEquals(400, response.getStatusCode());
assertEquals(401, response.getStatusCode());
assertEquals("unauthorized_client", response.getError());