openshift / osin

Golang OAuth2 server library
BSD 3-Clause "New" or "Revised" License

Inaccurate error messages for invalid clients and redirect URIs #169

Closed astridej closed 4 years ago

astridej commented 6 years ago

If an authorize request passes an invalid client ID, the response is

{
    "error": "unauthorized_client",
    "error_description": "The client is not authorized to request a token using this method.",
    "state": "some_state"
}

Similarly, if the redirect URI doesn't match any of the client ones, the response is

{
    "error": "invalid_request",
    "error_description": "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed.",
    "state": "some_state"
}

Both these errors are pretty misleading and have caused confusion. It would be good to get more helpful error messages.

RangelReale commented 6 years ago

Those errors came from the RFC; it is an exact copy from it. Maybe the library should have a better way to customize it.
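The two cases in the report above (an unknown client_id, and a redirect_uri that matches none of the client's registered URIs) together with the customization point raised in the reply, as an added Go example that is not osin's code and does not use its API: a small authorization-request validator that gives each failure its own description, keeps the RFC 6749 error codes osin already returns for these cases, and, following RFC 6749 §4.1.2.1, never delivers a client_id or redirect_uri error by redirecting (a mismatching redirect_uri is precisely the case where a redirect would carry the error and the state to an unregistered location). The client registry, the `web-app` client and its callback URL, and the `ValidateAuthorizeRequest` and `RenderError` names are all constructed for this example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
)

// Client is a constructed stand-in for a registered OAuth2 client; osin's own
// Client interface and Storage are not used, so this runs without the library.
type Client struct {
	ID           string
	RedirectURIs []string
}

// AuthorizeError is the JSON body of an authorization-endpoint error.
// Code keeps the RFC 6749 error code; Description says what actually failed.
// Redirect records whether the error may be delivered via the client's
// redirect_uri at all (false until client_id and redirect_uri are validated).
type AuthorizeError struct {
	Code        string `json:"error"`
	Description string `json:"error_description"`
	State       string `json:"state,omitempty"`
	Redirect    bool   `json:"-"`
}

// clients is a constructed registry holding a single client.
var clients = map[string]Client{
	"web-app": {ID: "web-app", RedirectURIs: []string{"https://app.example.com/callback"}},
}

// ValidateAuthorizeRequest checks client_id, redirect_uri and response_type in
// that order so each failure gets its own description. RFC 6749 §4.1.2.1: an
// invalid client_id or a mismatching redirect_uri must be shown to the resource
// owner and must NOT be sent by redirect, hence Redirect=false on those errors.
func ValidateAuthorizeRequest(clientID, redirectURI, responseType, state string) *AuthorizeError {
	if clientID == "" {
		return &AuthorizeError{Code: "invalid_request", Description: "client_id is required", State: state}
	}
	client, ok := clients[clientID]
	if !ok {
		// Same code osin returns here (per the issue), but a description naming the cause.
		return &AuthorizeError{Code: "unauthorized_client",
			Description: fmt.Sprintf("client_id %q is not a registered client", clientID), State: state}
	}
	if redirectURI == "" {
		if len(client.RedirectURIs) == 1 {
			redirectURI = client.RedirectURIs[0] // a single registered URI may be omitted (§3.1.2.3)
		} else {
			return &AuthorizeError{Code: "invalid_request",
				Description: "redirect_uri is required: the client has several registered URIs", State: state}
		}
	}
	u, err := url.Parse(redirectURI)
	if err != nil || !u.IsAbs() || u.Fragment != "" {
		return &AuthorizeError{Code: "invalid_request",
			Description: "redirect_uri must be an absolute URI without a fragment", State: state}
	}
	matched := false
	for _, registered := range client.RedirectURIs {
		if redirectURI == registered { // exact string comparison; no prefix or wildcard matching
			matched = true
		}
	}
	if !matched {
		return &AuthorizeError{Code: "invalid_request",
			Description: fmt.Sprintf("redirect_uri %q is not registered for client %q", redirectURI, clientID),
			State:       state}
	}
	// From here on the redirect target is trusted, so errors may go back to the client.
	if responseType != "code" {
		return &AuthorizeError{Code: "unsupported_response_type",
			Description: "unsupported response_type " + responseType, State: state, Redirect: true}
	}
	return nil
}

// RenderError maps an AuthorizeError to an HTTP status, a Location header (set
// only when redirecting is permitted) and a JSON body to show the resource owner.
func RenderError(e *AuthorizeError, redirectURI string) (status int, location string, body string) {
	raw, _ := json.Marshal(e)
	u, err := url.Parse(redirectURI)
	if !e.Redirect || err != nil {
		return 400, "", string(raw)
	}
	q := u.Query()
	q.Set("error", e.Code)
	q.Set("error_description", e.Description)
	if e.State != "" {
		q.Set("state", e.State)
	}
	u.RawQuery = q.Encode()
	return 302, u.String(), string(raw)
}

func main() {
	// Constructed requests: unknown client, unregistered redirect_uri, wrong response_type.
	for _, c := range [][3]string{
		{"nobody", "https://app.example.com/callback", "code"},
		{"web-app", "https://other.example/cb", "code"},
		{"web-app", "https://app.example.com/callback", "token"},
	} {
		if e := ValidateAuthorizeRequest(c[0], c[1], c[2], "some_state"); e != nil {
			status, loc, body := RenderError(e, c[1])
			fmt.Println(status, loc, body)
		}
	}
}
```

Only the third request produces a 302 with error parameters on the callback URL; the first two come back as a 400 with a JSON body, because the supplied redirect_uri has not been proven to belong to the client. The redirect_uri comparison is an exact string match on purpose: prefix or wildcard matching is what turns a "misleading error" into an open redirect of the authorization code.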

astridej commented 6 years ago

More customization would definitely be great!

openshift-bot commented 4 years ago

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale. Stale issues rot after an additional 30d of inactivity and eventually close. Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

openshift-bot commented 4 years ago

Stale issues rot after 30d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle rotten. Rotten issues close after an additional 30d of inactivity. Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle rotten /remove-lifecycle stale

openshift-bot commented 4 years ago

Rotten issues close after 30d of inactivity.

Reopen the issue by commenting /reopen. Mark the issue as fresh by commenting /remove-lifecycle rotten. Exclude this issue from closing again by commenting /lifecycle frozen.

/close

openshift-ci-robot commented 4 years ago

@openshift-bot: Closing this issue.

In response to [this](https://github.com/openshift/osin/issues/169#issuecomment-716196777):

>Rotten issues close after 30d of inactivity.
>
>Reopen the issue by commenting `/reopen`.
>Mark the issue as fresh by commenting `/remove-lifecycle rotten`.
>Exclude this issue from closing again by commenting `/lifecycle frozen`.
>
>/close

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.