OpenAM / OPENAM-17101

Different behavior when invalid/missing SSO token is passed in /authorize call

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 6.5.3
    • Fix Version/s: None
    • Component/s: oauth2

      Description

      Bug description

      I am seeing different behavior in 6.5.x vs. 7.0 when an invalid/missing SSO token is passed in the /authorize call.

      AM 6.5.3 returns error:
      http://am653.example.com:8080/am?error_description=Failed%20to%20get%20resource%20owner%20session%20from%20request&error=invalid_request
       
      AM 7.0 redirects user to login UI (expected):
      http://am7.example.com:8086/am/UI/Login?realm=/customers&goto=http://am7.example.com:8086/am/oauth2/realms/root/realms/customers/authorize

      How to reproduce the issue

      1. Enable OAuth provider 
      2. Add an OAuth client with Authorize Code as grant type 
      3. Invoke /authorize 
      4. Observe the different results from the above call in 6.5 vs. 7.0

      Expected behaviour
      The user should be redirected back to the login UI, as done in 7.0.

      Current behaviour
      AM 6.5.x returns an error message, while 7.0 redirects the user back to the login UI.
      

      Work around

      None

              People

              Assignee:
              Unassigned
              Reporter:
              charan.mann Charan Mann
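
A regression check for the behaviour described in this report, as an added example that is not part of the original issue or of OpenAM: it classifies the redirect target returned by /authorize and tells the 6.5.3 error response apart from the 7.0 login redirect. The function names are hypothetical, and the sample inputs are constructed from the two URLs quoted in the description.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed samples: the two redirect targets quoted in the report.
AM_653_LOCATION = (
    "http://am653.example.com:8080/am?error_description=Failed%20to%20get"
    "%20resource%20owner%20session%20from%20request&error=invalid_request"
)
AM_70_LOCATION = (
    "http://am7.example.com:8086/am/UI/Login?realm=/customers&goto="
    "http://am7.example.com:8086/am/oauth2/realms/root/realms/customers/authorize"
)


def classify_authorize_redirect(location):
    """Return (kind, detail) for the Location header of an /authorize response."""
    parts = urlsplit(location)
    query = parse_qs(parts.query, keep_blank_values=True)

    def first(name):
        return query.get(name, [None])[0]

    if "error" in query:  # OAuth2-style error parameters, as AM 6.5.3 returns
        return "oauth_error", {
            "error": first("error"),
            "error_description": first("error_description"),
        }
    if parts.path.rstrip("/").endswith("/UI/Login"):  # login UI, as AM 7.0
        return "login_redirect", {"realm": first("realm"), "goto": first("goto")}
    return "other", {}


def is_expected_behaviour(location):
    """True only for a login redirect whose goto resumes /authorize on the same host."""
    kind, detail = classify_authorize_redirect(location)
    if kind != "login_redirect" or not detail["goto"]:
        return False
    goto = urlsplit(detail["goto"])
    return goto.netloc == urlsplit(location).netloc and goto.path.endswith("/authorize")


if __name__ == "__main__":
    for name, loc in (("AM 6.5.3", AM_653_LOCATION), ("AM 7.0", AM_70_LOCATION)):
        print(name, classify_authorize_redirect(loc)[0], is_expected_behaviour(loc))
```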