  1. OpenAM
  2. OPENAM-15349

Access Token request returns a 500 error

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 6.5.1
    • Fix Version/s: 7.0.0, 6.5.3
    • Component/s: oauth2
    • Labels:
    • Sprint:
      AM Sustaining Sprint 66, AM Sustaining Sprint 67, AM Sustaining Sprint 68, AM Sustaining Sprint 76
    • Story Points:
      3
    • Needs backport:
      No
    • Support Ticket IDs:
    • Verified Version/s:
    • Needs QA verification:
      Yes
    • Functional tests:
      No
    • Are the reproduction steps defined?:
      Yes and I used the same as in the description

      Description

      Bug description

      The request below returns a 500 error:

      curl -X POST -k \
      'https://login.my-namespace.example.com/oauth2/access_token?grant_type=password&username=demo&password=changeit&scope=profile' \
      -H 'Authorization: Basic YmFzaWNDbGllbnQ6YmFzaWNDbGllbnQ=' \
      -H 'Cache-Control: no-cache' \
      -H 'Connection: keep-alive' \
      -H 'Content-Type: application/x-www-form-urlencoded' \
      -H 'Cookie: amlbcookie=01; iPlanetDirectoryPro=<iPDP>' \
      -H 'Host: login.my-namespace.example.com'

      How to reproduce the issue

      1. Create OAuth2 Client basicClient
      2. Create OAuth2 Provider
      3. Run the request above

      Expected behaviour

      As the RO credentials are being passed in the query string, it should still fail with HTTP 400.

      Current behaviour

      Throws an NPE and returns a 500 error.
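
Added example (not part of the original issue and not OpenAM code): a sketch of a token-endpoint pre-check that turns the reported request, with credentials in the query string and no form body, into an HTTP 400 `invalid_request` instead of an unhandled exception. The function names, the `BODY_ONLY` policy and the error descriptions are assumptions made for illustration.

```python
from urllib.parse import parse_qs, urlsplit

FORM = "application/x-www-form-urlencoded"
# Body parameters each grant type needs (RFC 6749 section 4.3.2 for "password").
REQUIRED = {"password": ("username", "password")}
# Parameters this sketch refuses to accept from the URL (assumed policy).
BODY_ONLY = {"grant_type", "username", "password", "client_secret"}


def bad_request(code, description):
    """Build an RFC 6749 section 5.2 style error as (status, JSON payload)."""
    return 400, {"error": code, "error_description": description}


def check_token_request(url, content_type, body):
    """Return None if the request may go on to authentication, else a 400."""
    # Every lookup tolerates a missing header, body or parameter, so a
    # malformed request yields a client error and never an exception.
    query = parse_qs(urlsplit(url).query)
    media_type = (content_type or "").split(";")[0].strip().lower()
    # parse_qs drops blank values, matching the RFC rule that a parameter
    # sent without a value is treated as omitted.
    form = parse_qs(body or "") if media_type == FORM else {}

    in_url = sorted(BODY_ONLY.intersection(query))
    if in_url:
        # Name the offending parameters, never echo their values.
        return bad_request("invalid_request",
                           "send in the request body, not the URL: " + ", ".join(in_url))
    grant = form.get("grant_type", [None])[0]
    if grant is None:
        return bad_request("invalid_request", "missing grant_type")
    if grant not in REQUIRED:
        return bad_request("unsupported_grant_type", "grant type not supported")
    missing = [p for p in REQUIRED[grant] if p not in form]
    if missing:
        return bad_request("invalid_request", "missing: " + ", ".join(missing))
    return None


# Constructed inputs: the URL from the report, and the same grant as a form body.
TOKEN_URL = "https://login.my-namespace.example.com/oauth2/access_token"
FORM_BODY = "grant_type=password&username=demo&password=changeit&scope=profile"
REPORTED_URL = TOKEN_URL + "?" + FORM_BODY

if __name__ == "__main__":
    print(check_token_request(REPORTED_URL, FORM, None))      # rejected with 400
    print(check_token_request(TOKEN_URL, FORM, FORM_BODY))    # None: may proceed
```
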

              People

              • Assignee:
                sachiko Sachiko Wallace
                Reporter:
                aaron.haskins Aaron Haskins