[OPENAM-5332] Update OAuth2 RefreshTokenServerResource to check the clientID case insensitively
Created: 16/Dec/14  Updated: 20/Nov/16  Resolved: 02/Feb/15

Status: Resolved
Project: OpenAM
Component/s: oauth2
Affects Version/s: 11.0.2
Fix Version/s: 11.0.3, 12.0.1, 13.0.0

Type: New Feature
Priority: Major
Reporter: Sachiko Wallace
Assignee: Sachiko Wallace
Resolution: Fixed
Votes: 1
Labels: EDISON, release-notes
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Target Version/s:
Sprint: Sprint 76 - Sustaining
Support Ticket IDs:
QA Assignee: Garyl Erickson

 Description   

1. Create an "OAuth 2.0 Client" called "TestOAuth2Agent".
2. Configure OAuth2.
3. Run the following grant_type=password command. It will return an error.

 curl --request POST --data "client_id=testoauth2agent&client_secret=cangetin&grant_type=password&username=testuser01&password=cangetin" http://openam.example.com:18080/opensso/oauth2/access_token 

curl --request POST --data "grant_type=refresh_token&refresh_token=xxxx" http://openam.example.com:18080/opensso/oauth2/access_token 

4. Restart the OpenAM server.
5. Run the same command as in step 3. It will succeed.

OAuth2 clients are agent accounts, and OpenAM stores their configuration case-insensitively because LDAP is case insensitive. Therefore, RefreshTokenServerResource shouldn't check the clientID case-sensitively.
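
The comparison described above, as an added example that is not OpenAM's own code: it contrasts an exact match on the client ID with a case-insensitive one that still rejects a different client. The class name, method names and the "OtherAgent" value are hypothetical; only the two spellings of the client ID come from the ticket.

```java
import java.util.Locale;

public class ClientIdBindingCheck {

    // Canonical form for an identifier the backing store treats as case-insensitive.
    // Locale.ROOT keeps the result independent of the JVM's default locale.
    static String canonical(String clientId) {
        return clientId.toLowerCase(Locale.ROOT);
    }

    // Behaviour described in the ticket: exact, case-sensitive comparison.
    static boolean matchesCaseSensitive(String issuedTo, String requester) {
        return issuedTo != null && issuedTo.equals(requester);
    }

    // Case-insensitive comparison: the same client in any spelling passes,
    // a different client is still rejected, and null never matches.
    static boolean matchesCaseInsensitive(String issuedTo, String requester) {
        if (issuedTo == null || requester == null) {
            return false;
        }
        return canonical(issuedTo).equals(canonical(requester));
    }

    public static void main(String[] args) {
        // Constructed sample (assumption): the token records the client ID as typed
        // in the request, while the agent profile keeps the name it was created with.
        String issuedTo = "testoauth2agent";
        String[] requesters = { "TestOAuth2Agent", "testoauth2agent", "OtherAgent", null };

        for (String requester : requesters) {
            System.out.printf("%-16s caseSensitive=%-5b caseInsensitive=%b%n",
                    requester,
                    matchesCaseSensitive(issuedTo, requester),
                    matchesCaseInsensitive(issuedTo, requester));
        }
    }
}
```

Normalising both sides before comparing keeps the token bound to one client while tolerating the spelling differences a case-insensitive store allows.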

