
DCR GET / DELETE Endpoints giving 401 Unauthorized response when the client id and client name is incorrect #21624

Open
ShanChathusanda93 opened this issue Nov 6, 2024 · 1 comment

Comments

@ShanChathusanda93
Contributor

Describe the issue:
When calling the DCR GET endpoint with an invalid client id or an invalid client name, it gives a 401 Unauthorized response.

DCR GET - Client ID

https://localhost:9443/t/carbon.super/api/identity/oauth2/dcr/v1.1/register/{{CLIENT_ID}}

DCR GET - Client Name

https://localhost:9443/t/carbon.super/api/identity/oauth2/dcr/v1.1/register/client_name={{CLIENT_NAME}}

Same occurs when calling the delete endpoint

https://localhost:9443/t/carbon.super/api/identity/oauth2/dcr/v1.1/register/{{CLIENT_ID}}

How to reproduce:

  1. Create an OAuth2 application.
  2. Try to get the created OAuth2 application from the DCR GET endpoint with client id.
  3. Now add an invalid client id and execute the DCR GET.
  4. Try to delete the created application from DCR DELETE.
  5. Try the deletion with an invalid client id.
  6. In both of the above invalid scenarios the HTTP response code is 401 Unauthorized.

Expected behavior:

  • Normally this should be a Bad Request

Environment information (Please complete the following information; remove any unnecessary fields):

  • Product Version: IS 7.1.0-m4-SNAPSHOT
  • OS: Mac
  • Database: H2
  • Userstore: JDBC
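The reproduction steps above can be turned into a small regression check. The following is an added example, not code from the WSO2 Identity Server project or from the reporter: it probes `GET` and `DELETE` on `/register/{client_id}` and returns the raw status code instead of letting `urllib` raise, so the 401-versus-400 distinction is visible to a test. Because a live IS instance is not available here, the block also ships a constructed in-process mock of the endpoint with two modes, `"reported"` (the 401 behaviour described in the issue) and `"expected"` (the 400 the reporter expects); the mock, the client id `known_client_abc123`, the `reproduce()` helper and the `/register/{client_id}` path shape are all assumptions for illustration.

```python
import json
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed: the one client id the mock server "knows" (hypothetical value).
KNOWN_CLIENTS = {"known_client_abc123"}


class MockDcrHandler(BaseHTTPRequestHandler):
    """Stand-in for the DCR /register/{client_id} resource (not the real endpoint).

    mode "reported" mimics the behaviour in the issue: unknown ids get 401.
    mode "expected" returns the 400 Bad Request the reporter expects.
    """

    mode = "reported"

    def _respond(self, status, body):
        payload = json.dumps(body).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)

    def _handle(self):
        # Path shape assumed from the issue: .../register/{client_id}
        client_id = self.path.rstrip("/").rsplit("/", 1)[-1]
        if client_id in KNOWN_CLIENTS:
            self._respond(200, {"client_id": client_id})
        elif self.mode == "reported":
            self._respond(401, {"error": "unauthorized"})
        else:
            self._respond(400, {"error": "invalid_client_metadata"})

    do_GET = _handle
    do_DELETE = _handle

    def log_message(self, *args):
        # Keep the mock quiet; request logging is not part of the check.
        pass


def probe_dcr(base_url, client_id, method="GET", token=None):
    """Return the HTTP status for GET/DELETE on /register/{client_id}.

    urllib raises HTTPError for 4xx/5xx responses, so unwrap it into a plain
    integer: that is the value a regression test wants to compare.
    """
    req = urllib.request.Request(f"{base_url}/register/{client_id}", method=method)
    if token:
        req.add_header("Authorization", f"Bearer {token}")
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def run_mock(mode):
    """Start the constructed mock on an ephemeral port; returns (server, base_url)."""
    MockDcrHandler.mode = mode
    server = HTTPServer(("127.0.0.1", 0), MockDcrHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_address[1]}"


def reproduce(mode):
    """Run the issue's steps (valid GET, invalid GET, invalid DELETE) against the mock."""
    server, base = run_mock(mode)
    try:
        return {
            "get_valid": probe_dcr(base, "known_client_abc123"),
            "get_invalid": probe_dcr(base, "does_not_exist"),
            "delete_invalid": probe_dcr(base, "does_not_exist", method="DELETE"),
        }
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    for mode in ("reported", "expected"):
        print(mode, reproduce(mode))
```

Against a real deployment, call `probe_dcr` with the tenant base URL from the issue (`https://localhost:9443/t/carbon.super/api/identity/oauth2/dcr/v1.1`) and a bearer token instead of starting the mock; the assertion to keep is that an unknown client id yields 400 on both methods, while 401 should only ever mean the caller's credentials were rejected.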
@Thumimku
Contributor

Thumimku commented Nov 6, 2024

Reduced severity and priority based on the description because this is a negative request and there is no severe impact.
CC: @ShanChathusanda93
