Hi Nila,

Sorry for the confusion, I have mentioned the stack trace in is-server (backend). As I mentioned earlier, the user response is correct.

Thanks,
kumaaran

On Fri, Jan 18, 2019 at 3:51 PM Nilasini Thirunavukkarasu <[email protected]> wrote:

> Hi Inthirakumaaran,
>
> According to the specification[1], if a token is inactive then we should
> only return *"active": false*, we should not return why the token is
> inactive.
>
>> authorization server SHOULD NOT include any additional information
>> about an inactive token, including why the token is inactive
>
> [1] https://tools.ietf.org/html/rfc7662#section-2.2
>
> Thanks,
> Nila.
>
> On Fri, Jan 18, 2019 at 3:24 PM Inthirakumaaran Tharmakulasingham <
> [email protected]> wrote:
>
>> Hi,
>>
>> If we validate the expired JWT token in the introspection endpoint it
>> prompts an error log with stack trace while sending the correct response to
>> the user. The detailed stack trace is in [1]. This happens because we are
>> throwing an IdentityOAuth2Exception while checking the expiry time and
>> propagating to a point where we log the error with the stack trace.
>>
>> There are two viable solutions to this problem.
>> 1. Creating a sub Exception extending the IdentityOAuth2Exception.
>> 2. Creating an error code for this time expiration.
>>
>> Then we can build the correct introspection response without logging the
>> stack trace if we encountered the exception or error code.
>>
>> What would be the suitable solution to tackle this problem? Is there any
>> better way to handle this?
>>
>> This problem will occur for IS servers that are
>> using identity-inbound-auth-oauth module v6.0.66 or above. The current
>> is-product in the master branch has this module.
>>
>> [1] https://github.com/wso2/product-is/issues/4319
>>
>> Thanks & Regards,
>> kumaaran
>> --
>> *Inthirakumaaran*
>> Software Engineer | WSO2
>>
>> E-mail: [email protected]
>> Mobile: +94775558050
>> Web: https://wso2.com
>>
>> <http://wso2.com/signature>
>
> --
> Nilasini Thirunavukkarasu
> Software Engineer - WSO2
>
> Email : [email protected]
> Mobile : +94775241823
> Web : http://wso2.com/
>
> <http://wso2.com/signature>

--
*Inthirakumaaran*
Software Engineer | WSO2

E-mail: [email protected]
Mobile: +94775558050
Web: https://wso2.com

<http://wso2.com/signature>
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
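The first option discussed in the thread (a sub-exception for expiry), combined with the RFC 7662 section 2.2 requirement quoted in it, as an added Java example that is not part of the original messages and is not WSO2 code. `OAuth2ValidationException` is a hypothetical stand-in for `IdentityOAuth2Exception`; `TokenExpiredException`, `checkExpiry` and `introspect` are likewise assumed names, and the timestamps are constructed.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;

public class IntrospectionExpiryExample {
    private static final Logger LOG = Logger.getLogger("introspection");

    // Hypothetical stand-in for IdentityOAuth2Exception (not the WSO2 class).
    static class OAuth2ValidationException extends Exception {
        OAuth2ValidationException(String msg) { super(msg); }
    }

    // Sub-exception marking expiry as an expected outcome, not a server fault.
    static class TokenExpiredException extends OAuth2ValidationException {
        TokenExpiredException(String msg) { super(msg); }
    }

    // Assumed validator: compares the JWT "exp" claim (epoch seconds) to now.
    static void checkExpiry(long exp, long now) throws OAuth2ValidationException {
        if (exp <= now) {
            throw new TokenExpiredException("token expired at " + exp);
        }
    }

    static Map<String, Object> introspect(long exp, long now) {
        Map<String, Object> response = new LinkedHashMap<>();
        try {
            checkExpiry(exp, now);
            response.put("active", true);
            response.put("exp", exp);
        } catch (TokenExpiredException e) {
            // Expected condition: one debug-level line, no stack trace.
            LOG.log(Level.FINE, "Introspected token is inactive: {0}", e.getMessage());
            response.put("active", false); // no reason field in the response
        } catch (OAuth2ValidationException e) {
            // Any other validation failure keeps its stack trace in the server log.
            LOG.log(Level.SEVERE, "Token validation failed", e);
            response.put("active", false);
        }
        return response;
    }

    public static void main(String[] args) {
        long now = 1547800000L; // constructed timestamp
        System.out.println(introspect(now - 60, now));   // expired token
        System.out.println(introspect(now + 3600, now)); // still valid token
    }
}
```

The reason for inactivity stays in the server-side log only; the map returned for an expired token carries nothing but `active`.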
