stormpath-sdk-java

When logging in with OAuth, bad password results in "Invalid grant" as error

Open mraible opened this issue 7 years ago • 1 comments

I'm using the Stormpath Angular SDK with Spring Boot Stormpath Starter version 2.0.0-okta-rc1. If I enter a bad password, the error message is "Invalid grant" rather than "Invalid username or password.".

You can reproduce this problem using HTTPie. The following will work.

http -f POST localhost:8080/oauth/token grant_type=password username=VALID_USERNAME password=CORRECT_PASSWORD

This does not:

http -f POST localhost:8080/oauth/token grant_type=password username=VALID_USERNAME password=BAD_PASSWORD

HTTP/1.1 400
Cache-Control: no-store, no-cache
Connection: close
Content-Length: 53
Content-Type: application/json;charset=ISO-8859-1
Date: Thu, 01 Jun 2017 14:58:09 GMT
Expires: 0
Pragma: no-cache
Set-Cookie: JSESSIONID=6A12DD8C7656A3BD4ADD9EEE5DBF6B02; Path=/; HttpOnly
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block

{
    "error": "invalid_request",
    "message": "Invalid grant"
}

mraible avatar Jun 01 '17 14:06 mraible

"Invalid grant" is the error message we receive back from Okta. To change this, we will need to handle this case specifically. We need to look into this a bit more and make sure that we only do this for user/password requests.

bdemers avatar Jun 13 '17 16:06 bdemers