This repository has been archived by the owner on Jan 21, 2020. It is now read-only.
Empty response when bad oauth2 credentials supplied (e.g. expired access token) #99
Comments
Your response isn't empty, it's 401 Unauthorized
But I think it should be something like this:
```json
{
    "type": "http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html",
    "title": "Unauthorized",
    "status": 401,
    "detail": "Unauthorized"
}
```
10.4.2 does not suggest any body in the response to a 401:
Your sentence is perfectly valid, but since Apigility provides listeners to marshal responses to ApiProblemResponse in case of responses denoting problems (which include a JSON body), we should be consistent. See also: #108
I agree with that. I need consistency on JSON response.
This repository has been closed and moved to laminas-api-tools/api-tools-mvc-auth; a new issue has been opened at laminas-api-tools/api-tools-mvc-auth#13.
In the authenticate method of the oauth2 adapter (https://github.com/zfcampus/zf-mvc-auth/blob/master/src/Authentication/OAuth2Adapter.php#L135) - if the response is an IdentityInterface, the output is JSON that looks like this (due to the SendApiProblemResponseListener, which parses the ApiProblem response which is generated later on):
However - in the case of an error from the response of the oauth2 server (https://github.com/zfcampus/zf-mvc-auth/blob/master/src/Authentication/OAuth2Adapter.php#L154-L156), what is returned is a Zend\Http\Response, causing the response to be an empty response with only the 401 status code but without a body (https://github.com/zfcampus/zf-mvc-auth/blob/master/src/Authentication/DefaultAuthenticationListener.php#L189-L191).
This issue started happening to me after I updated Apigility from 1.0.* to the latest.
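The following is an added sketch, not code from zf-mvc-auth or from anyone in this thread. It shows the behaviour the thread asks for: an error response with no body is given a problem body in the shape proposed in the comments, while success responses and errors that already have a body pass through unchanged. The function name `ensureProblemBody`, the title table and the sample `WWW-Authenticate` value are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not part of zf-mvc-auth): given the status, headers and
// body an authentication step produced, make sure an error response carries a
// problem body shaped like the one proposed in the comments.
function ensureProblemBody(int $status, array $headers, string $body): array
{
    // Success and redirect responses are passed through untouched.
    if ($status < 400) {
        return [$status, $headers, $body];
    }
    // An error that already has a body (for example one rendered from an
    // ApiProblem) is left alone so its detail is not overwritten.
    if (trim($body) !== '') {
        return [$status, $headers, $body];
    }
    // Constructed title table; only the codes this sketch cares about.
    $titles = [400 => 'Bad Request', 401 => 'Unauthorized', 403 => 'Forbidden'];
    $title  = $titles[$status] ?? 'Unknown Error';

    $problem = [
        'type'   => 'http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html',
        'title'  => $title,
        'status' => $status,
        'detail' => $title,
    ];
    // Media type used for API problem bodies.
    $headers['Content-Type'] = 'application/problem+json';
    // Existing headers (such as a WWW-Authenticate challenge set by the OAuth2
    // server) are kept; only the body and content type change.
    $json = json_encode($problem, JSON_UNESCAPED_SLASHES | JSON_PRETTY_PRINT);
    return [$status, $headers, $json];
}

// Constructed sample: the bare 401 described in the issue (status, no body).
[$status, $headers, $body] = ensureProblemBody(
    401,
    ['WWW-Authenticate' => 'Bearer realm="Service", error="invalid_token"'],
    ''
);
echo $status, "\n", $headers['Content-Type'], "\n", $body, "\n";
```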