oauth2: invalid consent response causes panic - closes #369

ory · Jan 24, 2017 · c9b1656 · c9b1656
1 parent fe31f1f
commit c9b1656
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/oauth2/consent_strategy.go b/oauth2/consent_strategy.go
@@ -45,6 +45,9 @@ func (s *DefaultConsentStrategy) ValidateResponse(a fosite.AuthorizeRequester, t
 		}
 		return rsaKey, nil
 	})
+	if err != nil {
+		return nil, errors.Wrap(err, "The consent response is not a valid JSON Web Token")
+	}
 
 	// make sure to use MapClaims since that is the default..
 	jwtClaims, ok := t.Claims.(jwt.MapClaims)