Huh, we should be returning OAuth 2.0 standard error messages. I know we're very strict about that in the auth service but maybe we're not doing this right for this library.
Do we have a specification for how services that make calls to the Auth Service should respond when authentication fails? I see a bunch of information about how the auth service itself responds to the service, but do we have a standard for how services should relay the error information to the client?
Anyways, the OAuth 2.0 web API defines the format that services respond to the client in here. Don't know if that's the format it's supposed to use or not. Seems wrong since it doesn't have a type field, which I would expect.
It looks like it never sets the detail field on an error, so you just get null.
Also, is a 401 response correct? Doesn't look like we're sending back a WWW-Authenticate header which is supposed to be required for 401 responses.
D2L.Security.OAuth2/src/D2L.Security.OAuth2/Validation/AccessTokens/AccessTokenValidator.cs
Line 88 in e577fa3
However, when using an expired token, the client is presented with
{"title":"Authentication required","status":401,"detail":null}.
We are using:
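The WWW-Authenticate question raised in this thread, as an added example that is not part of the issue or of the D2L library: a check that flags a 401 sent without a challenge header, next to the Bearer challenge RFC 6750 section 3 describes for a rejected token. The function names and both sample responses are assumptions constructed for illustration.

```python
import re

# RFC 6750 section 3.1: Bearer error codes and the HTTP status each one maps to.
BEARER_ERRORS = {"invalid_request": 400, "invalid_token": 401, "insufficient_scope": 403}
# One auth-param with a quoted value, e.g. error="invalid_token"
_PARAM = re.compile(r'([A-Za-z_]+)="([^"\\]*)"')
# Characters RFC 6750 section 3 allows in error_description: no '"', no '\', no control chars.
_SAFE = re.compile(r'[\x20-\x21\x23-\x5B\x5D-\x7E]*')


def bearer_challenge(error, description, realm=None):
    """Build a WWW-Authenticate value for a request whose token was rejected."""
    if error not in BEARER_ERRORS:
        raise ValueError(f"unknown Bearer error code: {error}")
    for value in (description, realm or ""):
        # fullmatch, not match with '$', so a trailing newline cannot slip into the header
        if not _SAFE.fullmatch(value):
            raise ValueError("attribute contains characters not allowed in the challenge")
    parts = [f'realm="{realm}"'] if realm else []
    parts += [f'error="{error}"', f'error_description="{description}"']
    return "Bearer " + ", ".join(parts)


def check_rejected_token_response(status, headers):
    """Return conformance problems for a response to a request that carried a bad token."""
    problems = []
    lowered = {name.lower(): value for name, value in headers.items()}
    challenge = lowered.get("www-authenticate")
    if challenge is None:
        if status == 401:
            problems.append("401 without WWW-Authenticate (RFC 7235 section 3.1)")
        return problems
    scheme, _, rest = challenge.partition(" ")
    if scheme.lower() != "bearer":
        return [f"challenge scheme is {scheme!r}, expected Bearer"]
    error = dict(_PARAM.findall(rest)).get("error")
    if error not in BEARER_ERRORS:
        problems.append(f"missing or unknown error attribute: {error!r}")
    elif BEARER_ERRORS[error] != status:
        problems.append(f"error={error} should use status {BEARER_ERRORS[error]}, got {status}")
    return problems


# Constructed samples: REPORTED mirrors the response described in the issue (no challenge header).
REPORTED = (401, {"Content-Type": "application/json"})
CORRECTED = (401, {"WWW-Authenticate": bearer_challenge("invalid_token", "The access token expired")})
```
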