adorsys / keycloak-ssi-deployment


Keycloak: Return 401 not 500 when bearer token has expired (on credential offer endpoint) #54

Closed IngridPuppet closed 2 months ago

IngridPuppet commented 3 months ago

There is a potential issue (of low severity) to address in Keycloak.

Context: The credential offer endpoint authenticates calls via a bearer token.

curl --location 'https://keycloak.solutions.adorsys.com/realms/master/protocol/oid4vc/credential-offer/vA6D3rO2WqzRAOkAYpSNhspLaZJmOjOG' \
--header 'Accept: application/json' \
--header "Authorization: Bearer $TOKEN"

However, when the token has expired, this call results in a 500 Internal Server Error. I believe it should be something like 401 Unauthorized.
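To make the reported behaviour concrete, here is an added Python sketch (not Keycloak code, and not from anyone in this thread) that contrasts a handler letting the token-expiry exception escape as a 500 with one that maps authentication failures to 401. The token format, the `check_bearer` helper and the sample claims are constructed for illustration; it only reads the `exp` claim and does not verify signatures, which a real resource server must do first.

```python
import base64
import json


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_token(exp: int) -> str:
    # Constructed JWT-shaped token with a placeholder signature (illustration only).
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps({"sub": "wallet", "exp": exp}).encode())
    return f"{header}.{payload}.placeholder-signature"


class TokenExpired(Exception):
    pass


def _decode_payload(token: str) -> dict:
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def check_bearer(authorization: str, now: int) -> dict:
    # Hypothetical helper: extract the bearer token and reject it once 'exp' has passed.
    if not authorization.startswith("Bearer "):
        raise ValueError("missing bearer token")
    claims = _decode_payload(authorization[len("Bearer "):])
    if claims.get("exp", 0) <= now:
        raise TokenExpired("token expired")
    return claims


def credential_offer_before(headers: dict, now: int):
    # Reported behaviour: the expiry exception is not mapped, so a client
    # authentication failure surfaces as 500 Internal Server Error.
    try:
        check_bearer(headers.get("Authorization", ""), now)
        return 500 if False else 200, {"credential_issuer": "https://issuer.example"}
    except Exception:
        return 500, {"error": "internal_server_error"}


def credential_offer_after(headers: dict, now: int):
    # Expected behaviour: expired or missing tokens answer 401 with an RFC 6750
    # style error; only genuinely unexpected failures should remain 500.
    try:
        check_bearer(headers.get("Authorization", ""), now)
    except (TokenExpired, ValueError) as exc:
        return 401, {"error": "invalid_token", "error_description": str(exc)}
    return 200, {"credential_issuer": "https://issuer.example"}
```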

nitch2019 commented 2 months ago

blocked and waiting for https://github.com/keycloak/keycloak/pull/30692

francis-pouatcha commented 2 months ago

See comment in pull request and in discord.

IngridPuppet commented 2 months ago

Will be addressed by:

nitch2019 commented 2 months ago

add integration tests

nitch2019 commented 2 months ago

back to kc pr