  1. OpenAM
  2. OPENAM-13430

Invalid request is returned instead of Invalid request parameter error

    Details

    • Sprint:
      AM Sustaining Sprint 54
    • Story Points:
      2
    • Needs QA verification:
      No

      Description

      Bug description

      The spec says that when an issue occurs while handling the request parameter, like an invalid request, the expected error is 'invalid_request_parameter'.

      In AM, we badly re-used 'invalid_request'.

      How to reproduce the issue

      Make an authorize request like this one:
      https://matls.as.aspsp.integ-ob.forgerock.financial/oauth2/realms/root/realms/openbanking/authorize?request=eyJhbGciOiJub25lIn0.eyJhdWQiOiJodHRwczpcL1wvbWF0bHMuYXMuYXNwc3AuaW50ZWctb2IuZm9yZ2Vyb2NrLmZpbmFuY2lhbFwvb2F1dGgyXC9vcGVuYmFua2luZyIsInNjb3BlIjoib3BlbmlkIGFjY291bnRzIHBheW1lbnRzIiwiY2xhaW1zIjp7ImlkX3Rva2VuIjp7Im9wZW5iYW5raW5nX2ludGVudF9pZCI6eyJ2YWx1ZSI6IkFkNTFhZmJiYi0yMzVhLTRiYjAtYmZlYi0wYzliZmE2NzFhNTkiLCJlc3NlbnRpYWwiOnRydWV9fX0sImlzcyI6ImU0NTBlMzBmLWVlZGQtNDgyOC1iMTc1LTdjZmY0ZDdkNGZhNCIsInJlc3BvbnNlX3R5cGUiOiJjb2RlIGlkX3Rva2VuIiwicmVkaXJlY3RfdXJpIjoiaHR0cHM6XC9cL2ZpbnRlY2hsYWJzLWZhcGktY29uZm9ybWFuY2Utc3VpdGUuZmludGVjaGxhYnMuaW9cL3Rlc3RcL2FcL0ZvcmdlUm9jayUyMEludGVncmF0aW9uJTIwXC9jYWxsYmFjayIsInN0YXRlIjoiTXNPUHRmR0R0ViIsIm5vbmNlIjoiaG9rTFQ2aFA4WSIsImNsaWVudF9pZCI6ImU0NTBlMzBmLWVlZGQtNDgyOC1iMTc1LTdjZmY0ZDdkNGZhNCJ9.&client_id=e450e30f-eedd-4828-b175-7cff4d7d4fa4&redirect_uri=https://fintechlabs-fapi-conformance-suite.fintechlabs.io/test/a/ForgeRock%2520Integration%2520/callback&scope=openid%20accounts%20payments&response_type=code%20id_token

      This sends, for example, a request parameter without a signature.

      Expected behaviour

      error_description: Invalid request parameter JWS
      error: invalid_request_parameter

      Current behaviour

      error_description: Invalid request parameter JWS
      error: invalid_request

      Work around

      none
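
The condition this ticket reproduces, an unsigned request object, shown as an added example (not OpenAM code): a structural pre-check that returns the error values listed under "Expected behaviour". The helper names and sample tokens are hypothetical and constructed here; signature verification against the client's keys is assumed to happen in a later step.

```python
import base64
import json

# Error values taken from the ticket's "Expected behaviour" section.
ERROR_CODE = "invalid_request_parameter"
ERROR_DESCRIPTION = "Invalid request parameter JWS"


def b64url_decode(segment: str) -> bytes:
    """Decode an unpadded base64url segment as used in compact JWS."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw: bytes) -> str:
    """Encode bytes as unpadded base64url."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def check_request_object(request_param: str):
    """Structural pre-check of the `request` parameter (hypothetical helper).

    Returns None when the value has the shape of a signed compact JWS,
    otherwise the error response the ticket expects. No signature is verified.
    """
    error = {"error": ERROR_CODE, "error_description": ERROR_DESCRIPTION}
    parts = request_param.split(".")
    if len(parts) != 3:
        return error
    try:
        header = json.loads(b64url_decode(parts[0]))
        json.loads(b64url_decode(parts[1]))  # claims must at least be JSON
    except ValueError:  # covers base64, UTF-8 and JSON decoding errors
        return error
    if not isinstance(header, dict):
        return error
    alg = header.get("alg")
    # Reject a missing alg, alg "none", or an empty signature segment.
    if not isinstance(alg, str) or alg.lower() == "none" or not parts[2]:
        return error
    return None


# Constructed samples: same shape as the ticket's request object, shortened.
CLAIMS = b64url_encode(json.dumps({"response_type": "code id_token"}).encode())
UNSIGNED = b64url_encode(b'{"alg":"none"}') + "." + CLAIMS + "."
SIGNED_SHAPE = b64url_encode(b'{"alg":"PS256"}') + "." + CLAIMS + ".c2ln"
```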

            People

            • Assignee:
              adam.heath Adam Heath
              Reporter:
              quentin.castel Quentin CASTEL [X] (Inactive)
