OPENAM-12302

Improve error response for Device Code flow - missing user code.

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 13.5.2, 14.5.1
    • Fix Version/s: 6.0.0
    • Component/s: oauth2

      Description

      When you omit the user_code parameter on the device code flow you get an HTTP 400 with the following error description:

       description: "Internal Server Error",
       message: "server_error"

      A 400 would seem correct, but the "Internal Server Error" message could be improved: the client omitted a required parameter, which is a client error, not a server fault.

      Steps to reproduce:

      1) Set up oauth client and service.

      2) Get device code

      e.g. get the code:

      curl   --data response_type=token   --data scope=scope1   --data client_id=myoauthclient  http://openam.example.com:8080/openam/oauth2/device/code

      3) Call device/user with an empty user_code.

      e.g.

      curl   -X POST   --header "Cookie: iPlanetDirectoryPro=A....*"   --header "Content-Type: application/x-www-form-urlencoded"   --data scope=cn  --data user_code=DnxQSxzq   --data response_type=token   --data client_id=myoauthclient   --data decision=allow   --data csrf=A..*  http://openam.example.com:8080/openam/oauth2/device/user?user_code=    <--empty

       Code Analysis

      DeviceCodeVerificationResource calls tokenStore.readDeviceCode with the empty code and a ServerException is thrown, which is then reported to the client as server_error.

      The fix only needs to check for the presence of the device code before the lookup and throw a bad request / missing parameter exception instead.
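      The following is an added example, not OpenAM's own code, modelling the reproduction steps and the code analysis above: a minimal device/user handler that passes whatever arrived straight to the token store (so an empty user_code surfaces as a 400 with server_error / "Internal Server Error"), next to the proposed version that validates the parameter first and returns a descriptive bad-request error. The class and function names (InMemoryDeviceCodeStore, handle_device_user_before, handle_device_user_after) and the store contents are assumptions made for this illustration; the invalid_request error code is the RFC 6749 value for a missing required parameter.

```python
"""Added example (not OpenAM's code): a minimal model of the device/user
endpoint's parameter handling. All class and function names are assumptions
made for the illustration; the sample store contents are constructed."""


class ServerException(Exception):
    """Stand-in for the store-level ServerException named in the issue."""


class InMemoryDeviceCodeStore:
    """Constructed stand-in for tokenStore. It treats an empty key as an
    internal failure, which is the path the issue analyses."""

    def __init__(self, records):
        self._records = dict(records)

    def read_device_code(self, user_code):
        if not user_code:
            raise ServerException("empty user code passed to readDeviceCode")
        return self._records.get(user_code)


def _oauth_error(status, error, description):
    """Shape of an OAuth2 error body: error plus error_description."""
    return status, {"error": error, "error_description": description}


def _finish(record):
    """Common tail once the store has been consulted."""
    if record is None:
        return _oauth_error(400, "invalid_request", "Unknown user code")
    return 200, {"client_id": record["client_id"], "scope": record["scope"]}


def handle_device_user_before(params, store):
    """Behaviour reported in the issue: the store is called with whatever
    arrived (possibly an empty string) and the resulting ServerException is
    mapped to server_error, so a plain missing parameter is reported to the
    client as an 'Internal Server Error'."""
    try:
        record = store.read_device_code(params.get("user_code", ""))
    except ServerException:
        return _oauth_error(400, "server_error", "Internal Server Error")
    return _finish(record)


def handle_device_user_after(params, store):
    """Proposed fix: check that user_code is present before the lookup and
    answer with a bad-request / missing-parameter error. The lookup itself
    can still fail, and only that case is a genuine server_error."""
    user_code = params.get("user_code", "").strip()
    if not user_code:
        return _oauth_error(400, "invalid_request",
                            "Missing required parameter: user_code")
    try:
        record = store.read_device_code(user_code)
    except ServerException:
        return _oauth_error(400, "server_error", "Internal Server Error")
    return _finish(record)


# Constructed sample store: one pending device code, using the code from the
# issue's example request.
SAMPLE_STORE = InMemoryDeviceCodeStore({
    "DnxQSxzq": {"client_id": "myoauthclient", "scope": "scope1"},
})

if __name__ == "__main__":
    for name, handler in (("before", handle_device_user_before),
                          ("after", handle_device_user_after)):
        print(name, handler({"user_code": ""}, SAMPLE_STORE))
```

Running the block prints the two responses for an empty user_code: the "before" handler answers with server_error, the "after" handler with invalid_request and a description that names the missing parameter, which is the improvement the issue asks for.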

            People

            • Assignee: Phill Cunnington (phillcunnington)
            • Reporter: Jonathan Thomas (jonthomas)