OpenAM / OPENAM-14766

introspect and tokeninfo endpoints return Internal Server Error 500 for some invalid tokens

    Details

    • Sprint:
      AM Sustaining Sprint 62, AM Sustaining Sprint 63
    • Story Points:
      3
    • Needs backport:
      No
    • Support Ticket IDs:
    • Needs QA verification:
      No
    • Functional tests:
      No
    • Are the reproduction steps defined?:
      Yes and I used the same as in the description

      Description

      Bug description

      There are occasions where introspect and tokeninfo endpoints return an Internal Server Error 500 for invalid access tokens. 

      How to reproduce the issue

      1. Configure OAuth2 Provider
      2. Take the default jwt created by jwt.io and pass it into the introspect and tokeninfo endpoints

      Expected behaviour

      400 Bad Request - if after determining it's an invalid jwt it should at least return a 400 error rather than a 500.

      Current behaviour

      500 Internal Server Error
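An added sketch, not OpenAM's code or its fix, of a handler contract that matches the expected behaviour in the report: a token that fails parsing or signature verification yields a 400 and never an unhandled exception. The `introspect` function, the HS256 scheme, the keys and the sample tokens are assumptions constructed for this example.

```python
import base64, binascii, hashlib, hmac, json

SERVER_KEY = b"demo-server-key"  # constructed key, an assumption for this sketch
BAD = (400, {"error": "invalid_request", "error_description": "invalid token"})

def _enc(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _dec(part: str) -> bytes:
    # Restore the padding that JWTs strip; bad input raises a ValueError subclass.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _sign(signing_input: str, key: bytes) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def make_jwt(claims: dict, key: bytes) -> str:
    """Build a constructed HS256 JWT to use as sample input."""
    head = _enc(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _enc(json.dumps(claims).encode())
    return f"{head}.{body}.{_enc(_sign(f'{head}.{body}', key))}"

def introspect(token, key: bytes = SERVER_KEY):
    """Hypothetical handler: returns (status, body) and never raises on bad tokens."""
    try:
        head, body, sig = token.split(".")          # wrong segment count -> ValueError
        header, claims = json.loads(_dec(head)), json.loads(_dec(body))
        signature = _dec(sig)
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise ValueError("header and payload must be JSON objects")
        if header.get("alg") != "HS256":             # pin the algorithm
            raise ValueError("unexpected alg")
    except (AttributeError, TypeError, ValueError, binascii.Error):
        return BAD                                   # malformed input is a client error
    if not hmac.compare_digest(signature, _sign(f"{head}.{body}", key)):
        return BAD                                   # well-formed but not issued here
    return 200, {"active": True, "sub": claims.get("sub")}
```

The same fixed error body is returned for every rejection, so the response does not reveal which parsing or verification step failed.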

              People

              • Assignee:
                lawrence.yarham Lawrence Yarham
                Reporter:
                aaron.haskins Aaron Haskins
              • Votes:
                0
                Watchers:
                7