oauth2: invalid consent response causes panic - closes #369

ory · Feb 11, 2017 · 868a02b · 868a02b
1 parent 0401de9
commit 868a02b
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/oauth2/consent_strategy.go b/oauth2/consent_strategy.go
@@ -45,6 +45,9 @@ func (s *DefaultConsentStrategy) ValidateResponse(a fosite.AuthorizeRequester, t
 		}
 		return rsaKey, nil
 	})
+	if err != nil {
+		return nil, errors.Wrap(err, "The consent response is not a valid JSON Web Token")
+	}
 
 	// make sure to use MapClaims since that is the default..
 	jwtClaims, ok := t.Claims.(jwt.MapClaims)