Using GET parameters in /o/token/ endpoint causes http 500 error (instead of 400) #1209

@AndrejZbin

Description

Describe the bug
When GET parameters are present in /o/token/, e.g. /o/token/?test=test, the server returns a 500 error.
This happens because the OAuth2Error (with status code 400) raised by oauthlib is not caught:
https://github.com/oauthlib/oauthlib/blob/a70e13ff19d74f7fc1e397742782c7b881e2d496/oauthlib/oauth2/rfc6749/endpoints/base.py#L88

I think the solution is to change this:
https://github.com/jazzband/django-oauth-toolkit/blob/9d2aac2480b2a1875eb52612661992f73606bade/oauth2_provider/oauth2_backends.py#L155

to something like this:
https://github.com/jazzband/django-oauth-toolkit/blob/9d2aac2480b2a1875eb52612661992f73606bade/oauth2_provider/oauth2_backends.py#L184

To Reproduce
Add any GET parameters to the /o/token endpoint

Expected behavior
Server returns 400 error

Additional context
We are migrating from a very old version of this library where RFC 6749 was not enforced by oauthlib. We would like to send a proper error when the request is invalid.
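The failure mode and the proposed fix side by side, as an added example that is not part of the issue or of django-oauth-toolkit's code. `OAuth2Error` and `FakeTokenEndpoint` below are constructed stand-ins that mirror only the behaviour described above (oauthlib rejecting query parameters on a POST to the token endpoint with a 400-class error); `create_token_response_unpatched` lets the error escape, while `create_token_response_patched` catches it and returns its status, headers and JSON body the way a backend wrapper should.

```python
import json
from urllib.parse import urlsplit


class OAuth2Error(Exception):
    """Constructed stand-in for oauthlib's OAuth2Error, not the real class.
    It keeps the attributes the wrapper needs: status_code, headers, json."""
    error = "invalid_request"
    status_code = 400

    def __init__(self, description=None):
        super().__init__(description)
        self.description = description

    @property
    def json(self):
        return json.dumps({"error": self.error, "error_description": self.description})

    @property
    def headers(self):
        return {"Content-Type": "application/json", "Cache-Control": "no-store", "Pragma": "no-cache"}


class FakeTokenEndpoint:
    """Constructed stand-in for oauthlib's token endpoint: a POST whose URI carries a
    query string is rejected with OAuth2Error (HTTP 400), as the issue describes."""

    def create_token_response(self, uri, http_method="POST", body=None, headers=None):
        if http_method == "POST" and urlsplit(uri).query:
            raise OAuth2Error("URL query parameters are not allowed")
        token = {"access_token": "constructed-token", "token_type": "Bearer", "expires_in": 3600}
        return {"Content-Type": "application/json"}, json.dumps(token), 200


def create_token_response_unpatched(server, uri, body):
    # Behaviour reported in the issue: OAuth2Error propagates out of the backend,
    # so the web framework answers with a generic 500 instead of the 400 it carries.
    headers, body, status = server.create_token_response(uri, "POST", body)
    return uri, headers, body, status


def create_token_response_patched(server, uri, body):
    # Proposed handling: catch OAuth2Error and surface its own status, headers and
    # JSON body, so the client receives a well-formed 400 error response.
    try:
        headers, body, status = server.create_token_response(uri, "POST", body)
    except OAuth2Error as exc:
        return uri, exc.headers, exc.json, exc.status_code
    return uri, headers, body, status
```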
