-
Notifications
You must be signed in to change notification settings - Fork 16
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Include reason for rejecting token if the route expects a service-level token, and a user-level was provided (and vice versa) #40
Labels
Comments
Nah we can definitely do better than that. There may also be OAuth 2.0 mandated errors for those scenarios (see also #39 ) I think we need to figure out a strategy for how to deal with exceptions across services and libraries. I'm gonna write a little proposal. |
omsmith
added a commit
to omsmith/D2L.Security.OAuth2
that referenced
this issue
Dec 4, 2018
omsmith
added a commit
to omsmith/D2L.Security.OAuth2
that referenced
this issue
Dec 4, 2018
omsmith
added a commit
to omsmith/D2L.Security.OAuth2
that referenced
this issue
Dec 5, 2018
omsmith
added a commit
to omsmith/D2L.Security.OAuth2
that referenced
this issue
Dec 5, 2018
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
If a controller / route(?) is marked with
[Authentication( users: true )]
, but a service-level token is provided, the client is presented with `{"Message":"Authorization has been denied for this request."} in the response.(Not sure if there are any security concerns with explaining why).
Versions used:
The text was updated successfully, but these errors were encountered: