Introspection endpoint must return 200 http status code with active=false if token is not found on AS instead of 400 #929

Closed
yuriyz opened this issue Oct 26, 2018 · 1 comment

yuriyz commented Oct 26, 2018

From spec https://tools.ietf.org/html/rfc7662#section-2.2:

> If the introspection call is properly authorized but the token is not active, does not exist on this server, or the protected resource is not allowed to introspect this particular token, then the authorization server MUST return an introspection response with the "active" field set to "false".

@yuriyz yuriyz added the bug bug in code label Oct 26, 2018
@yuriyz yuriyz added this to the 3.1.5 milestone Oct 26, 2018
@yuriyz yuriyz self-assigned this Oct 26, 2018
yuriyz added a commit that referenced this issue Oct 26, 2018
…ctive=false if token is not found on AS instead of 400

#929
yuriyz added a commit that referenced this issue Oct 26, 2018
…with active=false if token is not found on AS instead of 400

#929

(cherry picked from commit e542364)

yuriyz commented Oct 26, 2018

Fixed in 3.1.5 and master.

@yuriyz yuriyz closed this as completed Oct 26, 2018
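
The status-code behaviour this issue asks for, sketched as an added example (not the project's code). The names `introspect`, `TOKENS` and `RESOURCES`, the audience-based permission check, and the 401/400 handling for unauthenticated or malformed requests are assumptions made for illustration.

```python
import hmac
import time

# Constructed sample data: token store of a hypothetical authorization server.
TOKENS = {
    "tok-live":    {"client_id": "app1", "scope": "read", "exp": 4102444800, "aud": "rs1"},
    "tok-expired": {"client_id": "app1", "scope": "read", "exp": 1, "aud": "rs1"},
    "tok-other":   {"client_id": "app2", "scope": "read", "exp": 4102444800, "aud": "rs2"},
}
# Constructed: protected resources allowed to call the endpoint, with their secrets.
RESOURCES = {"rs1": "s3cret-rs1"}

INACTIVE = (200, {"active": False})


def introspect(caller_id, caller_secret, form, now=None):
    """Return (http_status, json_body) for one introspection request."""
    now = time.time() if now is None else now

    # The call itself must be authorized; a failed caller check is not a token result.
    expected = RESOURCES.get(caller_id)
    if expected is None or not hmac.compare_digest(expected, caller_secret):
        return 401, {"error": "invalid_client"}

    token = form.get("token")
    if not token:
        # Assumption: a request missing the required "token" parameter is malformed.
        return 400, {"error": "invalid_request"}

    record = TOKENS.get(token)
    # Unknown, expired, and not-for-this-caller all yield the same 200 body,
    # so the response does not reveal which of the three conditions applied.
    if record is None or record["exp"] <= now or record["aud"] != caller_id:
        return INACTIVE

    return 200, {"active": True, "client_id": record["client_id"],
                 "scope": record["scope"], "exp": record["exp"]}
```

A resource server consuming this endpoint should treat any response other than HTTP 200 with `"active": true` as a rejected token.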