OAuth2 introspection and userinfo should send a 503 when technical exception instead of 401 #9390

exalate-issue-sync · 2023-11-21T15:36:05Z

Currently, when a technical issue occurs during the introspection mechanism (used in gravitee-policy-oauth2) and in the userinfo mechanism (used in gravitee-policy-openid-connect-userinfo), these policies sends a 401 error.
It should be considered as a 503 error.

The fix need to be done in the OAuth2Provider resources so the good information is sent to policies

exalate-issue-sync · 2023-11-24T13:11:49Z

This issue will be fixed in versions 4.0.13, 3.20.24, 4.2.0, 4.1.4

exalate-issue-sync bot added project: APIM type: bug labels Nov 21, 2023

exalate-issue-sync bot changed the title ~~PRODUCTION - An error occurs while checking OAuth2 token~~ OAuth2 introspection should send a 503 when technical exception instead of 401 Nov 22, 2023

exalate-issue-sync bot changed the title ~~OAuth2 introspection should send a 503 when technical exception instead of 401~~ OAuth2 introspection and userinfo should send a 503 when technical exception instead of 401 Nov 22, 2023

exalate-issue-sync bot closed this as completed Nov 24, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

OAuth2 introspection and userinfo should send a 503 when technical exception instead of 401 #9390

OAuth2 introspection and userinfo should send a 503 when technical exception instead of 401 #9390

exalate-issue-sync bot commented Nov 21, 2023 •

edited

exalate-issue-sync bot commented Nov 24, 2023

OAuth2 introspection and userinfo should send a 503 when technical exception instead of 401 #9390

OAuth2 introspection and userinfo should send a 503 when technical exception instead of 401 #9390

Comments

exalate-issue-sync bot commented Nov 21, 2023 • edited

exalate-issue-sync bot commented Nov 24, 2023

exalate-issue-sync bot commented Nov 21, 2023 •

edited