[ 
https://issues.apache.org/jira/browse/CXF-8311?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Colm O hEigeartaigh updated CXF-8311:
-------------------------------------
    Fix Version/s: 3.3.8
                   3.4.0

> OAuth 2.0: Refresh token redemption unexpectedly fails with invalid_grant 
> error
> -------------------------------------------------------------------------------
>
>                 Key: CXF-8311
>                 URL: https://issues.apache.org/jira/browse/CXF-8311
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-RS Security
>    Affects Versions: 3.3.7
>            Reporter: Roman Usatenko
>            Assignee: Colm O hEigeartaigh
>            Priority: Major
>             Fix For: 3.4.0, 3.3.8
>
>
> Scenario:
>  # Get access and refresh tokens for a client with fewer scopes than the 
> client allows, e.g. if there are scopes scope1 and scope2 registered for the 
> client, the authorization request should contain only scope1 (or only scope2)
>  # Try to redeem the refresh token without providing a scope parameter in the 
> token request.
> The request fails with an invalid_grant error, which is against the OAuth specification.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
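
The scope handling that RFC 6749 section 6 requires for the scenario in the report, as an added example that is not Apache CXF code and not part of the original issue. The class and method names (`RefreshScopeCheck`, `resolve`, `parse`) are hypothetical, and the sample grant is constructed.

```java
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.Set;

// Added example with hypothetical names; this is not Apache CXF code.
public class RefreshScopeCheck {

    /** Raised when a refresh request asks for more than the original grant. */
    static class InvalidScopeException extends RuntimeException {
        InvalidScopeException(String msg) { super(msg); }
    }

    /** Splits a space-delimited scope parameter; null or blank yields an empty set. */
    static Set<String> parse(String scope) {
        Set<String> out = new LinkedHashSet<>();
        if (scope != null) {
            for (String s : scope.trim().split("\\s+")) {
                if (!s.isEmpty()) out.add(s);
            }
        }
        return out;
    }

    /**
     * RFC 6749 section 6: "scope" is optional on a refresh request. If omitted it is
     * treated as equal to the scope originally granted; if present it must not include
     * any scope not originally granted. The comparison is against the grant, not
     * against everything registered for the client.
     */
    static Set<String> resolve(Set<String> originallyGranted, String requestedScope) {
        Set<String> requested = parse(requestedScope);
        if (requested.isEmpty()) {
            return new LinkedHashSet<>(originallyGranted); // omitted: keep the grant as is
        }
        if (!originallyGranted.containsAll(requested)) {
            throw new InvalidScopeException("invalid_scope"); // widening is refused
        }
        return requested; // equal or narrower scope is allowed
    }

    public static void main(String[] args) {
        // Constructed sample: client registered scope1 and scope2, grant issued for scope1 only.
        Set<String> granted = new LinkedHashSet<>(Arrays.asList("scope1"));
        System.out.println(resolve(granted, null));     // no scope parameter, as in the report
        System.out.println(resolve(granted, "scope1")); // explicit, same scope
        try {
            resolve(granted, "scope1 scope2");           // asks for more than was granted
        } catch (InvalidScopeException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```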
