hydra icon indicating copy to clipboard operation
hydra copied to clipboard
verified publisher icon ory

feat: for expired challenges return HTTP 410 and redirect url

Open terev opened this issue 1 year ago • 0 comments

Return HTTP 410 and initial auth url for consent app to redirect user agent to when an expired challenge is supplied. This implements the same mechanism provided for consent apps to handle previously utilized challenges #2473 .

BREAKING CHANGES: This patch changes the response status code for expired challenges from 401 to 410. It also changes the schema of the response from fosite.RFC6749Error to flow.OAuth2RedirectTo.

Related issue(s)

Closes #3772

Checklist

  • [x] I have read the contributing guidelines.
  • [x] I have referenced an issue containing the design document if my change introduces a new feature.
  • [x] I am following the contributing code guidelines.
  • [x] I have read the security policy.
  • [x] I confirm that this pull request does not address a security vulnerability. If this pull request addresses a security vulnerability, I confirm that I got the approval (please contact [email protected]) from the maintainers to push the changes.
  • [x] I have added tests that prove my fix is effective or that my feature works.
  • [ ] I have added or changed the documentation.

terev avatar Jul 21 '24 18:07 terev