[policy] [oauth2] Policy Oauth2 should not impose client_id in the introspect body #1081

Closed
vdusauto opened this Issue Feb 14, 2018 · 0 comments


vdusauto commented Feb 14, 2018

The policy oauth 2 wrongly verifies the presence of client_id in the introspect response body.
This might not be the only place impacted, but according to RFC 7662, client_id is optional in the introspection response body.

Expected Behavior

The policy client id check should not be there.

Current Behavior

https://github.com/gravitee-io/gravitee-policy-oauth2/blob/master/src/main/java/io/gravitee/policy/oauth2/Oauth2Policy.java#L120

Possible Solution

Remove the check

Steps to Reproduce (for bugs)

Don't provide a client_id in the response of the introspection endpoint

@brasseld brasseld changed the title from Policy Oauth2 should not impose client_id in the introspect body to [policy] [oauth2] Policy Oauth2 should not impose client_id in the introspect body Feb 15, 2018

brasseld added a commit to gravitee-io/gravitee-policy-oauth2 that referenced this issue Feb 15, 2018

brasseld added a commit to gravitee-io/gravitee-gateway that referenced this issue Feb 15, 2018

@brasseld brasseld self-assigned this Feb 15, 2018

@brasseld brasseld added this to the 1.13.3 milestone Feb 16, 2018

NicolasGeraud added a commit to gravitee-io/gravitee-gateway that referenced this issue Feb 16, 2018

NicolasGeraud added a commit to gravitee-io/gravitee-policy-oauth2 that referenced this issue Feb 16, 2018
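
The behaviour the issue asks for, as an added example that is not the Gravitee policy's code and not part of the original issue: a Python check of an RFC 7662 introspection response that requires only `active` and treats `client_id` as optional. The function name, the returned dictionary shape and the sample responses are assumptions constructed for illustration.

```python
import json
import time


class IntrospectionError(Exception):
    """Raised when the introspection response cannot be trusted."""


def evaluate_introspection(body, now=None):
    """Return the claims of an active token, or raise IntrospectionError.

    RFC 7662 section 2.2: "active" is the only REQUIRED member; client_id,
    scope, exp, sub and the rest are OPTIONAL and may be absent.
    """
    now = time.time() if now is None else now
    try:
        claims = json.loads(body)
    except (TypeError, ValueError) as exc:
        raise IntrospectionError("response is not valid JSON") from exc
    if not isinstance(claims, dict):
        raise IntrospectionError("response is not a JSON object")

    # "active" must be a JSON boolean; the string "true" is not accepted.
    if claims.get("active") is not True:
        raise IntrospectionError("token is not active")

    # Optional members are validated only when the server sent them.
    exp = claims.get("exp")
    if exp is not None:
        if isinstance(exp, bool) or not isinstance(exp, (int, float)):
            raise IntrospectionError("exp is not a number")
        if exp <= now:
            raise IntrospectionError("token has expired")

    client_id = claims.get("client_id")
    if client_id is not None and not isinstance(client_id, str):
        raise IntrospectionError("client_id is not a string")

    scope = claims.get("scope", "")
    if not isinstance(scope, str):
        raise IntrospectionError("scope is not a string")
    return {"client_id": client_id, "scopes": scope.split(), "exp": exp}


# Constructed sample responses (not taken from the issue).
WITHOUT_CLIENT_ID = '{"active": true, "scope": "read write", "exp": 2000000000}'
WITH_CLIENT_ID = '{"active": true, "client_id": "app-1", "scope": "read"}'
INACTIVE = '{"active": false}'
STRING_ACTIVE = '{"active": "true", "client_id": "app-1"}'
```

Dropping the `client_id` requirement does not relax the decision itself: the token is still rejected unless `active` is the boolean `true`, and any later check that depends on `client_id` has to handle its absence explicitly.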
