Oauth2 client: Allow deescalating logged ERROR for invalid client registration ID #11344

@PunchyRascal

Current Behavior

Currently, when attempting to work with an invalid client ID, an ERROR is logged: Authorization Request failed: java.lang.IllegalArgumentException: Invalid Client Registration with Id: xxxl

(org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizationRequestResolver#resolve(javax.servlet.http.HttpServletRequest, java.lang.String, java.lang.String))

Desired Behavior

Avoid ERRORs in logs for this case (either setup or altogether - switch to warning maybe?)

Context

When a security/penetration scan is run on the app, many errors like this are logged, but do not represent any actual problem with the app. All the errors are just a result of the scan. Therefore it would be nice if this error could be silenced - maybe changed to warning.

Thank you.
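One way to keep these scan-driven requests out of the ERROR log without touching the framework, as an added example that is not part of the original issue or Spring Security's own code: a wrapper that checks the registration ID before the default resolver can throw. The class name `KnownRegistrationOnlyResolver`, the use of SLF4J, and Spring Security 5.x (`javax.servlet`, as in the stack trace above) are assumptions.

```java
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizationRequestResolver;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestResolver;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

// Hypothetical wrapper (name chosen for this example): unknown registration IDs
// are logged at WARN and skipped instead of reaching the throwing code path.
public class KnownRegistrationOnlyResolver implements OAuth2AuthorizationRequestResolver {
    private static final Logger log = LoggerFactory.getLogger(KnownRegistrationOnlyResolver.class);
    private final ClientRegistrationRepository registrations;
    private final OAuth2AuthorizationRequestResolver delegate;
    private final AntPathRequestMatcher matcher;

    public KnownRegistrationOnlyResolver(ClientRegistrationRepository registrations, String baseUri) {
        this.registrations = registrations;
        this.delegate = new DefaultOAuth2AuthorizationRequestResolver(registrations, baseUri);
        this.matcher = new AntPathRequestMatcher(baseUri + "/{registrationId}");
    }

    @Override
    public OAuth2AuthorizationRequest resolve(HttpServletRequest request) {
        // Same path pattern the default resolver uses to extract the ID.
        if (this.matcher.matches(request)) {
            String id = this.matcher.matcher(request).getVariables().get("registrationId");
            if (isUnknown(id)) {
                return null; // null means "not an authorization request"
            }
        }
        return this.delegate.resolve(request);
    }

    @Override
    public OAuth2AuthorizationRequest resolve(HttpServletRequest request, String registrationId) {
        return isUnknown(registrationId) ? null : this.delegate.resolve(request, registrationId);
    }

    private boolean isUnknown(String id) {
        if (id == null || this.registrations.findByRegistrationId(id) != null) {
            return false;
        }
        // The ID comes straight from the URL: neutralise CR/LF before logging it.
        log.warn("Ignoring authorization request for unknown client registration id '{}'",
                id.replaceAll("[\\r\\n]", "_"));
        return true;
    }
}
```

Register it with `oauth2Login().authorizationEndpoint().authorizationRequestResolver(...)`, passing the same base URI the application already uses. Because the wrapper returns `null` for unknown IDs, those requests continue down the filter chain rather than being handled as a failed authorization request.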

Labels

in: oauth2 (An issue in OAuth2 modules: oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)
type: enhancement (A general enhancement)