Gravitee.io - API Platform - Issues

Using the /introspect endpoint with a bearer token does not work in 4.4.9 #10166

Closed exalate-issue-sync[bot] closed 2 days ago

exalate-issue-sync[bot] commented 1 week ago

Describe the bug :

Using the /introspect endpoint with a bearer token does not work in 4.4.9

Steps to reproduce:

  1. create a domain (domainA) with WebApp enabled and a user in this domain
  2. copy the default cert ssh-rsa key
  3. create another domain (domainB) with an app service
  4. create extension grant plugin on domain B (using the ssh-rsa key from domainA)
  5. authenticate user on domainA using password flow to get an access_token
  6. on domainB, generate an access token using the extension grant flow

curl -X POST -u xxxx:xxxxxx http://localhost:8092/domainB/oauth/token -d 'grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&assertion='$TOKEN

  7. request introspect on domainB on the newly generated token, should work
  8. on domainA, remove the user
  9. request introspect on domainB once again, the introspect is failing but it should work (this is a regression; in 4.4.7 the token was valid)

Expected behaviour :

The introspect endpoint should return the details of an active token

Current behaviour :

Valid tokens return an "active: false" response

Useful information :

This is a regression introduced by https://gravitee.atlassian.net/browse/AM-4047 (GitHub: https://github.com/gravitee-io/issues/issues/10065)

Desktop :

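A script encoding reproduction steps 6, 7 and 9 as a repeatable check, added here as an example and not part of the issue or of Gravitee's own code; it assumes the gateway exposes /{domain}/oauth/token and /{domain}/oauth/introspect and that the extension-grant client authenticates with HTTP basic credentials, as the curl command above does.

```python
import base64
import json
import urllib.parse
import urllib.request

# Assumed gateway endpoint layout (not stated in the issue beyond /oauth/token).
TOKEN_PATH = "/{domain}/oauth/token"
INTROSPECT_PATH = "/{domain}/oauth/introspect"
JWT_BEARER = "urn:ietf:params:oauth:grant-type:jwt-bearer"


def jwt_bearer_body(assertion: str) -> bytes:
    """Form body for the extension-grant request of step 6 (the domainA token is the assertion)."""
    return urllib.parse.urlencode({"grant_type": JWT_BEARER, "assertion": assertion}).encode()


def introspection_active(body: str) -> bool:
    """RFC 7662: a token is usable only when 'active' is the JSON boolean true.
    A missing field, the string "true", or a malformed body all count as inactive."""
    try:
        doc = json.loads(body)
    except ValueError:
        return False
    return isinstance(doc, dict) and doc.get("active") is True


def _post(url: str, body: bytes, client_id: str, client_secret: str) -> str:
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    req = urllib.request.Request(url, data=body, method="POST", headers={
        "Authorization": f"Basic {creds}",
        "Content-Type": "application/x-www-form-urlencoded",
    })
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode()


def exchange_token(base: str, domain: str, client_id: str, client_secret: str, assertion: str) -> str:
    """Step 6: swap the domainA access_token for a domainB token via the extension grant."""
    raw = _post(base + TOKEN_PATH.format(domain=domain), jwt_bearer_body(assertion), client_id, client_secret)
    return json.loads(raw)["access_token"]


def introspect(base: str, domain: str, client_id: str, client_secret: str, token: str) -> bool:
    """Steps 7 and 9: call this before and after deleting the domainA user; both calls
    should return True, and a True-then-False pair is the regression described above."""
    raw = _post(base + INTROSPECT_PATH.format(domain=domain),
                urllib.parse.urlencode({"token": token}).encode(), client_id, client_secret)
    return introspection_active(raw)
```
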
exalate-issue-sync[bot] commented 2 days ago

This issue will be fixed in versions 4.3.18, 4.2.26, 4.1.35, 4.4.11