[question] Token Endpoint responses with 'success' even when client-secret is wrong #2964

Closed
amoraitis opened this issue May 22, 2024 · 2 comments
amoraitis commented May 22, 2024

Hitting the Token-Endpoint with incorrect client-secret value returns HTTP Status 200 OK, with an error.

Is that expected? Should not this return another response code (failure) and return the error in the JSON response as defined here?

Example from Microsoft's implementation.

@casbin-bot casbin-bot added the bug Something isn't working label May 22, 2024
@amoraitis amoraitis changed the title from "[BugToken Endpoint responses with 'success' even when client-secret is wrong" to "[Bug] Token Endpoint responses with 'success' even when client-secret is wrong" May 22, 2024
@hsluoyz hsluoyz changed the title from "[Bug] Token Endpoint responses with 'success' even when client-secret is wrong" to "[question] Token Endpoint responses with 'success' even when client-secret is wrong" May 22, 2024
hsluoyz commented May 22, 2024

@amoraitis Casdoor returns HTTP 200 for application-level errors, to differ from network errors. Use status and msg to parse the error.

@hsluoyz hsluoyz closed this as completed May 22, 2024
@hsluoyz hsluoyz added question Further information is requested and removed bug Something isn't working labels May 22, 2024
@casdoor casdoor locked and limited conversation to collaborators May 22, 2024
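
A client-side check for the behaviour discussed in this thread, as an added example that is not part of the issue or of Casdoor's code: it accepts a token only when the response body proves success, whatever the HTTP status says. The function and type names are hypothetical, the `status` value `"error"` is an assumption about the envelope, and the sample bodies are constructed; the `error`/`error_description` fields follow RFC 6749 section 5.2.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// tokenReply covers three body shapes: a token, an RFC 6749 error object,
// or a status/msg envelope ("status" and "msg" are named in the thread;
// the value "error" for status is an assumption of this example).
type tokenReply struct {
	AccessToken string `json:"access_token"`
	Error       string `json:"error"`
	ErrorDesc   string `json:"error_description"`
	Status      string `json:"status"`
	Msg         string `json:"msg"`
}

// ParseTokenResponse never treats the HTTP status alone as proof of success.
func ParseTokenResponse(httpStatus int, body []byte) (string, error) {
	var r tokenReply
	if err := json.Unmarshal(body, &r); err != nil {
		return "", fmt.Errorf("token endpoint: unparseable body (HTTP %d): %w", httpStatus, err)
	}
	switch {
	case r.Error != "":
		return "", fmt.Errorf("token endpoint: %s: %s", r.Error, r.ErrorDesc)
	case r.Status == "error":
		return "", fmt.Errorf("token endpoint: %s", r.Msg)
	case httpStatus < 200 || httpStatus > 299:
		return "", fmt.Errorf("token endpoint: HTTP %d", httpStatus)
	case r.AccessToken == "":
		return "", fmt.Errorf("token endpoint: no access_token in response")
	}
	return r.AccessToken, nil
}

func main() {
	// Constructed sample bodies, not captured from a real server.
	samples := []string{
		`{"access_token":"sample-token","token_type":"Bearer"}`,
		`{"status":"error","msg":"constructed failure message"}`,
		`{"error":"invalid_client","error_description":"constructed"}`,
	}
	for _, s := range samples {
		tok, err := ParseTokenResponse(200, []byte(s))
		fmt.Printf("token=%q err=%v\n", tok, err)
	}
}
```

A caller that branches only on `resp.StatusCode == 200` would accept the second and third sample bodies as a successful login; this function rejects both.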