Closed cmanista closed 2 years ago
Hi, I created a fork of this project as it seems unmaintained. If you're interested in contributing your PR I'd be happy to merge it with your name. Alternatively I'll prob copy & paste this if I don't hear from you. https://github.com/saasform/saasform/tree/main/packages/passport-oauth2-oidc
Hi, I'm OK with merging it under my name in your project.
@cmanista unfortunately I'm not sure I can "import" a PR - to the best of my knowledge you have to remake the PR in the other repo.
Given it's a 1-line change you can prob just edit via github editor, then generate a PR? https://github.com/saasform/saasform/blob/main/packages/passport-oauth2-oidc/lib/errors/authorizationerror.js#L20
HTTP 4xx errors are client errors, where the client is the one making the HTTP request. It is the HTTP server that is acting as an OIDC client. If an `unauthorized_client` error is received, that indicates a server misconfiguration, and is therefore treated as a 500 Internal Server Error.
Closing, as the current functionality is intended.
When client is not registered with OP, and sends auth request, https://github.com/jaredhanson/oauth2orize replies with an error to the callback URI. The error parameter in this request is `?error=unauthorized_client`. This value is not recognized in `passport-openidconnect` and therefore client receives http status: 500. Client should receive status: 403
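The maintainer's reasoning in this thread, written out as an added example (not code from passport-openidconnect or the fork): a hypothetical helper `classifyCallbackError` that maps the `error` parameter of an authorization callback to the HTTP status the relying party returns. The statuses chosen for `server_error` and `temporarily_unavailable`, the host `rp.example`, and the message strings are assumptions.

```javascript
// Added example: hypothetical helper, not the library's own code.
// Error codes an authorization endpoint may return (RFC 6749, section 4.1.2.1).
const KNOWN_ERRORS = new Set([
  'invalid_request', 'unauthorized_client', 'access_denied',
  'unsupported_response_type', 'invalid_scope',
  'server_error', 'temporarily_unavailable',
]);

// Status our server sends to the browser (assumed mapping). Only access_denied
// is a decision about the end user; the two upstream failures are reported as
// gateway errors. Every other code means our own OIDC client setup is wrong,
// so it falls through to 500.
const STATUS_BY_ERROR = {
  access_denied: 403,
  server_error: 502,
  temporarily_unavailable: 503,
};

function classifyCallbackError(callbackUrl) {
  // rp.example is a placeholder base so relative callback paths parse.
  const params = new URL(callbackUrl, 'https://rp.example').searchParams;
  const raw = params.get('error');
  if (raw === null) return null; // not an error response

  const known = KNOWN_ERRORS.has(raw);
  const status = (known && STATUS_BY_ERROR[raw]) || 500;

  // The query string is written by whoever built the redirect, so its values
  // are untrusted: strip control characters and cap the length before logging,
  // and never echo them into the page shown to the user.
  const clean = (s) => (s || '').replace(/[\x00-\x1f\x7f]/g, ' ').slice(0, 200);

  return {
    status,
    code: known ? raw : 'unrecognized',
    misconfiguration: known && status === 500, // fix the client registration
    userMessage: status === 403 ? 'Access was denied.' : 'Sign-in failed.',
    log: { error: clean(raw), description: clean(params.get('error_description')) },
  };
}
```

A result with `misconfiguration: true` is worth alerting on, since it points at the relying party's registration with the OP rather than at anything the end user did.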