Closed dushaniw closed 11 months ago
This is occurring for both application tokens and application user tokens (password grant)
It seems the root cause is due to adding OAuthClientAuthenticatorProxy as an interceptor in [1]. As the interceptor is defined as an annotation in the required classes like [2], it is not required to add the interceptor in the cxf-servlet.xml
[1] - https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth.endpoint/src/main/webapp/WEB-INF/cxf-servlet.xml#L42
[2] - https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/token/OAuth2TokenEndpoint.java#L81
As @janakamarasena mentioned, in our current implementation we are using OAuthClientAuthenticatorProxy for all the auth2 endpoints through the cxf-servlet.xml, and the same proxy at the class level as an annotation for the classes which require that PRE_INVOKE interceptor to validate the authentication information.
But removing that global interceptor from [1] didn't resolve the issue, where the OAuthClientAuthenticatorProxy keeps getting invoked for the classes which do not have the @InInterceptor annotation.
This interceptor invoking mechanism is generated from the apache.cxf where it requires a thorough analysis to identify the ambiguous behaviour.
This can be solved by defining separate servers for the endpoints which require Proxy authentication and adding the OAuthClientAuthenticatorProxy interceptor only for those endpoints (such as /token, /revoke, /device_authorize, /ciba, /par). But this can lead to performance issues when utilizing the auth2 endpoints.
Describe the issue:
How to reproduce:
Observed the same in the server logs while running integration test OAuth2ServiceClientCredentialTestCase
Expected behavior: An error log should not be printed.