[
https://issues.apache.org/jira/browse/KNOX-3031?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sandor Molnar updated KNOX-3031:
--------------------------------
Fix Version/s: 3.0.0
(was: 2.1.0)
Due to the pending 2.1.0 release this JIRA has been pushed out to 3.0.0 as part
of a bulk update. If there is a specific reason to pull this back into the
2.1.0 release and you intend to provide a PR in the next few days please
provide justification and reset the Fix Version to 2.1.0.
> CLIENT_ID and CLIENT_SECRET without Token Managed set results in 200
> inappropriately
> ------------------------------------------------------------------------------------
>
> Key: KNOX-3031
> URL: https://issues.apache.org/jira/browse/KNOX-3031
> Project: Apache Knox
> Issue Type: Bug
> Components: JWT
> Reporter: Larry McCay
> Assignee: Larry McCay
> Priority: Major
> Fix For: 3.0.0
>
>
> Noticed that use of CLIENT_ID and SECRET for OAuth flows with
> knox.token.exp.server-managed not set to true results in a 200 response code
> and no body when attempting to use token exchange flow with the KNOXTOKEN
> service.
> Note that the same is true for Passcode token based authentication which is
> what is used by the OAuth client credentials support.
> Have to change this to return a 401 since the client id cannot be verified
> without the state store. See AbstractJWTFilter(line 436).
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
