Open shashimalcse opened 1 week ago
Manual Testing:
Success Case
Request:
curl -k -X POST -H 'Content-Type: application/x-www-form-urlencoded' --data-urlencode 'grant_type=urn:ietf:params:oauth:grant-type:device_code' --data-urlencode 'client_id=bXwTdGpDuBC4kuOtecQvd_ue8Qka' --data-urlencode 'device_code=c031edad-7085-4c89-b6e0-c54a4834a2ec' https://localhost:9443/oauth2/token
Response:
{"access_token":"2d859716-3fee-3f82-bd59-44fed93c6ff4","token_type":"Bearer","expires_in":3600}
When the authorization is pending:
Request:
curl -k -X POST -H 'Content-Type: application/x-www-form-urlencoded' --data-urlencode 'grant_type=urn:ietf:params:oauth:grant-type:device_code' --data-urlencode 'client_id=bXwTdGpDuBC4kuOtecQvd_ue8Qka' --data-urlencode 'device_code=acf10b14-b596-4cba-883f-4bb6256debbc' https://localhost:9443/oauth2/token
Response:
{"error_description":"Precondition required","error":"authorization_pending"}
When the token is expired:
Same request as above.
Response:
{"error_description":"Precondition required","error":"authorization_pending"}
When frequent requests are sent before the polling interval:
Same request as above.
Response:
{"error_description":"Forbidden","error":"slow_down"}
Describe the issue: In the device flow, the token response is the same for multiple scenarios that should have distinct error codes according to the OAuth 2.0 Device Authorization Grant specification (RFC 8628).
Currently, the following scenarios all return the same error response:
The current error response for all these scenarios is:
How to reproduce:
Expected behavior: According to the specification, there should be distinct error codes for different scenarios:
Environment information (Please complete the following information; remove any unnecessary fields):
Optional Fields
Related issues:
Suggested labels:
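To make the expected behavior concrete, here is an added example (not the project's code) of a device-flow token endpoint that returns a distinct RFC 8628 error per state, plus the client-side decision each error drives. The in-memory record, the 5-second back-off constant and all function names are constructed for illustration.

```python
"""RFC 8628 section 3.5 error mapping for a device-flow token endpoint (constructed example)."""
from dataclasses import dataclass
from typing import Optional

SLOW_DOWN_BACKOFF = 5  # RFC 8628 section 3.5: polling interval grows by 5 s after slow_down


@dataclass
class DeviceCodeRecord:
    """Hypothetical server-side state for one issued device_code."""
    status: str            # "pending", "approved" or "denied"
    expires_at: float      # absolute time after which the device_code is unusable
    interval: int          # minimum seconds between polls, as issued to the client
    last_polled_at: Optional[float] = None
    access_token: Optional[str] = None


def device_token_response(record: Optional[DeviceCodeRecord], now: float) -> dict:
    """Body of the token response for one poll; every error body is sent with HTTP 400."""
    if record is None:
        return {"error": "invalid_grant"}          # unknown device_code (RFC 6749 section 5.2)
    # Expiry is checked first so an expired code never looks like a pending one.
    if now >= record.expires_at:
        return {"error": "expired_token"}
    # Polling faster than the issued interval: record the poll anyway, widen the
    # server-side interval by 5 s (mirroring what the client must do) and answer slow_down.
    too_fast = record.last_polled_at is not None and now - record.last_polled_at < record.interval
    record.last_polled_at = now
    if too_fast:
        record.interval += SLOW_DOWN_BACKOFF
        return {"error": "slow_down"}
    if record.status == "pending":
        return {"error": "authorization_pending"}
    if record.status == "denied":
        return {"error": "access_denied"}
    return {"access_token": record.access_token, "token_type": "Bearer", "expires_in": 3600}


def client_next_action(body: dict, interval: int) -> tuple:
    """What a polling client does with one response: ("done", token), ("retry", secs) or ("stop", error).
    This is why the codes must differ: a client cannot stop on an expired code it sees as pending."""
    if "access_token" in body:
        return ("done", body["access_token"])
    err = body.get("error")
    if err == "authorization_pending":
        return ("retry", interval)
    if err == "slow_down":
        return ("retry", interval + SLOW_DOWN_BACKOFF)
    return ("stop", err)  # expired_token, access_denied, invalid_grant: restart the flow or give up
```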