Update details to inform client why auth failed on token timeouts. #39
Comments
Huh, we should be returning OAuth 2.0 standard error messages. I know we're very strict about that in the auth service but maybe we're not doing this right for this library.
FYI @mpharoah-d2l
I added the package versions we're using.
Do we have a specification for how services that make calls to the Auth Service should respond when authentication fails? I see a bunch of information about how the auth service itself responds to the service, but do we have a standard for how services should relay the error information to the client? Anyways, the OAuth 2.0 web API defines the format that services respond to the client in here. Don't know if that's the format it's supposed to use or not. Seems wrong since it doesn't have a Also, is a 401 response correct? Doesn't look like we're sending back a
D2L.Security.OAuth2/src/D2L.Security.OAuth2/Validation/AccessTokens/AccessTokenValidator.cs
Line 88 in e577fa3
However, when using an expired token, the client is presented with
{"title":"Authentication required","status":401,"detail":null}.
We are using:
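As an added illustration of the response format discussed in this thread (not code from D2L.Security.OAuth2 or its maintainers): RFC 6750 section 3 has a resource server answer a rejected bearer token with a `WWW-Authenticate: Bearer` challenge, using `error="invalid_token"` with status 401 for an expired token. The type names, the realm value and the description strings below are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Added illustration. All type and member names are hypothetical and are
// not part of D2L.Security.OAuth2.
public enum TokenFailure { Missing, Malformed, Expired, InsufficientScope }

public sealed record BearerChallenge( int Status, string WwwAuthenticate );

public static class BearerChallengeBuilder {
	// RFC 6750 limits attribute values to printable ASCII without '"' or '\'.
	private static string Clean( string value ) => new string(
		value.Where( c => c >= 0x20 && c <= 0x7E && c != '"' && c != '\\' ).ToArray()
	);

	public static BearerChallenge Build( TokenFailure failure, string realm, string requiredScope = "" ) {
		var attrs = new List<string> { $"realm=\"{Clean( realm )}\"" };
		int status = 401;
		switch( failure ) {
			case TokenFailure.Missing:
				// No token was sent: the challenge carries no error code.
				break;
			case TokenFailure.Malformed:
				attrs.Add( "error=\"invalid_token\"" );
				attrs.Add( "error_description=\"The access token is malformed\"" );
				break;
			case TokenFailure.Expired:
				// Fixed text tells the client to refresh without echoing validator internals.
				attrs.Add( "error=\"invalid_token\"" );
				attrs.Add( "error_description=\"The access token expired\"" );
				break;
			case TokenFailure.InsufficientScope:
				status = 403;
				attrs.Add( "error=\"insufficient_scope\"" );
				if( requiredScope.Length > 0 ) attrs.Add( $"scope=\"{Clean( requiredScope )}\"" );
				break;
		}
		return new BearerChallenge( status, "Bearer " + string.Join( ", ", attrs ) );
	}
}

public static class Program {
	public static void Main() {
		// Constructed input: "example" is a placeholder realm.
		var c = BearerChallengeBuilder.Build( TokenFailure.Expired, "example" );
		Console.WriteLine( $"HTTP {c.Status}\nWWW-Authenticate: {c.WwwAuthenticate}" );
	}
}
```

A client that sees `error="invalid_token"` on a 401 can distinguish an expired token from a request that carried no credentials at all, which the JSON body quoted in the issue does not let it do.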