RefreshTokenPersistence response in case of invalid refresh token #251

Closed
l0co opened this issue May 21, 2020 · 2 comments
l0co commented May 21, 2020

In 2.0.0.M3.

When a request to get a new access token with a refresh token is sent to /oauth/access_token and the underlying RefreshTokenPersistence can't find the refresh token because the token is invalid or expired, I return an empty publisher from RefreshTokenPersistence.getUserDetails(). In such a scenario the response to the client is HTTP 500, while I believe it should be HTTP 401 with some additional info in the body.

@graemerocher graemerocher transferred this issue from micronaut-projects/micronaut-core May 21, 2020
sdelamo commented May 22, 2020

Hello @l0co

I have updated the JWT guide with an example.

https://guides.micronaut.io/micronaut-security-jwt/guide/index.html#refreshToken

Please reopen if you consider the issue unresolved.

l0co commented May 22, 2020

OK, I see. I'd also add info in the RefreshTokenPersistence.getUserDetails() comment that in case of any problem you should publish OauthErrorResponseException.
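
What the last comment describes, as an added example that is not from the thread or the Micronaut project: a `RefreshTokenPersistence` whose `getUserDetails()` publishes an `OauthErrorResponseException` for an unknown or revoked refresh token instead of completing empty. It assumes the Micronaut Security 2.x API with RxJava 2; the class name, the `revoke` method and the in-memory store are hypothetical.

```java
import io.micronaut.runtime.event.annotation.EventListener;
import io.micronaut.security.authentication.UserDetails;
import io.micronaut.security.errors.OauthErrorResponseException;
import io.micronaut.security.token.event.RefreshTokenGeneratedEvent;
import io.micronaut.security.token.refresh.RefreshTokenPersistence;
import io.reactivex.Flowable;
import org.reactivestreams.Publisher;

import javax.inject.Singleton;
import java.util.Collections;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

import static io.micronaut.security.errors.IssuingAnAccessTokenErrorCode.INVALID_GRANT;

// Hypothetical class: the in-memory store stands in for a real database (assumption).
@Singleton
public class InMemoryRefreshTokenPersistence implements RefreshTokenPersistence {

    private final Map<String, String> usernameByToken = new ConcurrentHashMap<>();
    private final Set<String> revokedTokens = ConcurrentHashMap.newKeySet();

    @Override
    @EventListener
    public void persistToken(RefreshTokenGeneratedEvent event) {
        if (event != null && event.getRefreshToken() != null && event.getUserDetails() != null
                && event.getUserDetails().getUsername() != null) {
            usernameByToken.put(event.getRefreshToken(), event.getUserDetails().getUsername());
        }
    }

    // Called by the application when a token must stop working, e.g. on logout.
    public void revoke(String refreshToken) {
        revokedTokens.add(refreshToken);
    }

    @Override
    public Publisher<UserDetails> getUserDetails(String refreshToken) {
        String username = refreshToken == null ? null : usernameByToken.get(refreshToken);
        if (username == null) {
            // Publish an explicit OAuth error; an empty publisher led to the HTTP 500 reported above.
            return Flowable.error(new OauthErrorResponseException(INVALID_GRANT, "refresh token not found", null));
        }
        if (revokedTokens.contains(refreshToken)) {
            return Flowable.error(new OauthErrorResponseException(INVALID_GRANT, "refresh token revoked", null));
        }
        return Flowable.just(new UserDetails(username, Collections.emptyList()));
    }
}
```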
