Include reason for rejecting token if the route expects a service-level token, and a user-level was provided (and vice versa) #40
Labels
Comments
|
Nah we can definitely do better than that. There may also be OAuth 2.0 mandated errors for those scenarios (see also #39 ) I think we need to figure out a strategy for how to deal with exceptions across services and libraries. I'm gonna write a little proposal. |
omsmith
added a commit
to omsmith/D2L.Security.OAuth2
that referenced
this issue
Dec 4, 2018
omsmith
added a commit
to omsmith/D2L.Security.OAuth2
that referenced
this issue
Dec 4, 2018
omsmith
added a commit
to omsmith/D2L.Security.OAuth2
that referenced
this issue
Dec 5, 2018
omsmith
added a commit
to omsmith/D2L.Security.OAuth2
that referenced
this issue
Dec 5, 2018
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
If a controller / route(?) is marked with
[Authentication( users: true )], but a service-level token is provided, the client is presented with `{"Message":"Authorization has been denied for this request."} in the response.(Not sure if there are any security concerns with explaining why).
Versions used:
The text was updated successfully, but these errors were encountered: