[OPENAM-17101] Different behavior when invalid/missing SSO token is passed in /authorize call

Created: 23/Nov/20
Updated: 25/Nov/20

Status: Open
Project: OpenAM
Component/s: oauth2
Affects Version/s: 6.5.3
Fix Version/s: None

Type: Bug
Priority: Major
Reporter: Charan Mann
Assignee: Unassigned
Resolution: Unresolved
Votes: 0
Labels: EDISON
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
is related to OPENAM-12215 NPE thrown when calling OIDC authoriz... Resolved
Target Version/s:
Rank: 1|i02vyf:


Bug description

I am seeing different behavior in 6.5.x vs. 7.0 when an invalid/missing SSO token is passed in the /authorize call.

AM 6.5.3 returns error:
AM 7.0 redirects user to login UI (expected):

How to reproduce the issue

  1. Enable OAuth provider
  2. Add an OAuth client with Authorize Code as grant type
  3. Invoke /authorize
  4. Observe different results from above call in 6.5 vs. 7.0

Expected behaviour

User should be redirected back to login UI as done in 7.0.

Current behaviour

AM 6.5.x returns an error message, while 7.0 redirects the user back to the login UI.

Work around

