django-oauth-toolkit

Wrong HTTP Code on Token Introspection with expired / invalid token

Open ZuSe opened this issue 3 years ago • 0 comments

Describe the bug
Right now we return HTTP 401 when providing valid authentication credentials (in my case Basic Auth client_id:secret) but an invalid token.

To Reproduce

    curl -L -X POST 'https://myserver.com/oidc/introspect/' \
      -H 'Authorization: Basic BASICAUTH' \
      -F 'token="ghJyFkBhfbqI4QqubWS2vIo5lbjoV2"'

Expected behavior
According to https://datatracker.ietf.org/doc/html/rfc7662#section-2 it should return HTTP 200 with body

    { "active": false }

Version
1,5,0

  • [X] I have tested with the latest published release and it's still a problem.
  • [X] I have tested with the master branch and it's still a problem.

ZuSe, Sep 15 '21 07:09
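
The status-code split the report asks for, as an added example that is not part of the original issue and is not django-oauth-toolkit code: a framework-free introspection handler that answers 401 only when the caller's own credentials fail (RFC 7662 section 2.3) and 200 with `{"active": false}` for an unknown or expired token (section 2.2). The client store, token store, and the function names `authenticate_client`, `introspect` and `basic` are assumptions made up for the illustration.

```python
import base64
import hmac
import json
import time

# Constructed sample data (assumptions, not taken from django-oauth-toolkit).
CLIENTS = {"resource-server": "s3cret"}
TOKENS = {
    "valid-token": {"scope": "read", "client_id": "web-app", "exp": 2_000_000_000},
    "expired-token": {"scope": "read", "client_id": "web-app", "exp": 1_000_000_000},
}
JSON_HEADERS = {"Content-Type": "application/json"}


def authenticate_client(authorization):
    """Return the client_id for a valid HTTP Basic header, else None."""
    scheme, _, encoded = (authorization or "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(encoded, validate=True).decode()
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    client_id, sep, secret = decoded.partition(":")
    expected = CLIENTS.get(client_id)
    if not sep or expected is None:
        return None
    # Constant-time comparison of the presented and stored secret.
    ok = hmac.compare_digest(secret.encode(), expected.encode())
    return client_id if ok else None


def introspect(authorization, token, now=None):
    """Return (status, headers, body) for one introspection request."""
    now = time.time() if now is None else now
    if authenticate_client(authorization) is None:
        # The caller failed authentication: this is the only 401 case.
        headers = {"WWW-Authenticate": 'Basic realm="introspection"'}
        return 401, headers, json.dumps({"error": "invalid_client"})
    record = TOKENS.get(token or "")
    if record is None or record["exp"] <= now:
        # Unknown or expired token is not an error: 200 and nothing but
        # "active": false, so no token state leaks to the caller.
        return 200, JSON_HEADERS, json.dumps({"active": False})
    return 200, JSON_HEADERS, json.dumps({"active": True, **record})


def basic(client_id, secret):
    """Build a Basic Authorization header value for the examples."""
    raw = f"{client_id}:{secret}".encode()
    return "Basic " + base64.b64encode(raw).decode()
```
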