return invalid_client in oauth2 error code

return invalid_client in oauth2 error response body Fix for issue #2545
cloudfoundry · Nov 13, 2023 · 82b62f9 · 82b62f9
1 parent 26c63ae
commit 82b62f9
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 3 deletions.
diff --git a/...er/src/main/java/org/cloudfoundry/identity/uaa/authentication/UaaExceptionTranslator.java b/...er/src/main/java/org/cloudfoundry/identity/uaa/authentication/UaaExceptionTranslator.java
@@ -3,6 +3,8 @@
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.oauth2.common.exceptions.InvalidClientException;
 import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
 import org.springframework.security.oauth2.provider.error.DefaultWebResponseExceptionTranslator;
 
@@ -12,6 +14,8 @@ public class UaaExceptionTranslator extends DefaultWebResponseExceptionTranslato
     public ResponseEntity<OAuth2Exception> translate(Exception e) throws Exception {
         if (e instanceof AccountNotVerifiedException) {
             return handleOAuth2Exception(new ForbiddenException(e.getMessage(), e));
+        } else if (e instanceof BadCredentialsException) {
+            return handleOAuth2Exception(OAuth2Exception.create(OAuth2Exception.INVALID_CLIENT, e.getMessage()));
         }
 
         return super.translate(e);
@@ -23,7 +27,9 @@ private ResponseEntity<OAuth2Exception> handleOAuth2Exception(OAuth2Exception e)
         HttpHeaders headers = new HttpHeaders();
         headers.set("Cache-Control", "no-store");
         headers.set("Pragma", "no-cache");
-
+        if (status == HttpStatus.UNAUTHORIZED.value() && (e instanceof InvalidClientException)) {
+            headers.set("WWW-Authenticate", "Basic error=\"unauthorized\", error_description=\"Bad credentials\"");
+        }
         return new ResponseEntity<OAuth2Exception>(e, headers,
             HttpStatus.valueOf(status));
 

diff --git a/...st/java/org/cloudfoundry/identity/uaa/integration/ClientInfoEndpointIntegrationTests.java b/...st/java/org/cloudfoundry/identity/uaa/integration/ClientInfoEndpointIntegrationTests.java
@@ -84,7 +84,7 @@ public void testUnauthenticated() {
         @SuppressWarnings("rawtypes")
         ResponseEntity<Map> response = serverRunning.getForObject("/clientinfo", Map.class, headers);
         assertEquals(HttpStatus.UNAUTHORIZED, response.getStatusCode());
-        assertEquals("unauthorized", response.getBody().get("error"));
+        assertEquals("invalid_client", response.getBody().get("error"));
 
     }
 

diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/token/TokenMvcMockTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/token/TokenMvcMockTests.java
@@ -3530,7 +3530,7 @@ void testGetPasswordGrantInvalidPassword() throws Exception {
                 .param(OAuth2Utils.GRANT_TYPE, "password")
                 .param(OAuth2Utils.CLIENT_ID, clientId))
                 .andExpect(status().isUnauthorized())
-                .andExpect(content().string("{\"error\":\"unauthorized\",\"error_description\":\"Bad credentials\"}"));
+                .andExpect(content().string("{\"error\":\"invalid_client\",\"error_description\":\"Bad credentials\"}"));
     }
 
     @Test