[CXF-8311] OAuth 2.0: Refresh token redemption unexpectedly fails with invalid_grant error - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 3.3.7
Fix Version/s: 3.4.0, 3.3.8
Component/s: JAX-RS Security
Labels:
None

Estimated Complexity:
Unknown

Description

Scenario:

Get an access and refresh tokens for a client with less scopes than the client allows, e.g. if there are scopes scope1 and scope2 registered for the client the authorization request should contain only scope1 (or only scope2)
Try to redeem refresh token without providing scope parameter in the token request.

Request fails with invalid_grant error which is against OAuth specification.

Attachments

Activity

People

Assignee:: Colm O hEigeartaigh

Reporter:: Roman Usatenko

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 02/Jul/20 18:47

Updated:: 22/Dec/21 20:43

Resolved:: 09/Jul/20 09:25