Larry McCay created KNOX-3031:
---------------------------------

             Summary: CLIENT_ID and CLIENT_SECRET without Token Managed set results in 200 inappropriately
                 Key: KNOX-3031
                 URL: https://issues.apache.org/jira/browse/KNOX-3031
             Project: Apache Knox
          Issue Type: Bug
          Components: JWT
            Reporter: Larry McCay
            Assignee: Larry McCay
             Fix For: 2.1.0

Noticed that use of CLIENT_ID and SECRET for OAuth flows with knox.token.exp.server-managed not set to true results in a 200 response code and no body when attempting to use token exchange flow with the KNOXTOKEN service.

Have to change this to return a 401 since the client id cannot be verified without the state store.

See AbstractJWTFilter (line 436).

--
This message was sent by Atlassian Jira
(v8.20.10#820010)