PUBLIC - Liferay Portal Community Edition / LPS-130869

OAuth2 token introspection fails with empty client_secret for PKCE applications

    Details

      Description

      Steps to reproduce:

      1. Create a new OAuth2 application, choose Client Profile: Other and select PKCE
      2. Edit the OAuth2 app, specify Client Id: pkce and check the Token Introspection checkbox
      3. Obtain access token using http://martamedio.com/oauth2-tester/pkce/, for example:
        7b47179c5dc6dd43bb4d46b5ea47bae0cbf4b04f999b50a255bad7d988725
      4. Execute from cmd line:
        curl 'http://localhost:8080/o/oauth2/introspect' \
          -H 'Content-Type: application/x-www-form-urlencoded' \
          --data 'client_id=pkce' \
          --data 'client_secret=' \
          --data 'token=7b47179c5dc6dd43bb4d46b5ea47bae0cbf4b04f999b50a255bad7d988725' \
          --compressed
        

      Expected Result: Server returns information about the token
      Actual Result: Server returns error message

      {"error":"unauthorized_client"}
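
The report does not say why the server rejects the request. As an added illustration (not Liferay code and not part of the report), this Python sketch models the client-authentication decision at an introspection endpoint: a public PKCE client registered without a secret authenticates with an empty `client_secret`, while a confidential client that sends an empty secret is still refused. The `Client` class, the registry, the tokens, the `reject_empty_secret` switch and the rule that a client may only introspect its own tokens are all assumptions made for the example.

```python
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Client:
    client_id: str
    client_secret: str           # "" for a public (PKCE) client
    introspection_enabled: bool  # the "Token Introspection" checkbox


# Constructed registry: "pkce" mirrors the application from the report,
# "backend" is a hypothetical confidential client added for contrast.
CLIENTS = {
    "pkce": Client("pkce", "", True),
    "backend": Client("backend", "constructed-secret", True),
}
# Constructed token store: token -> client_id it was issued to.
TOKENS = {"constructed-token-1": "pkce", "constructed-token-2": "backend"}


def authenticate(client_id, client_secret, reject_empty_secret):
    """Return the Client if the presented credentials match, else None."""
    client = CLIENTS.get(client_id)
    if client is None or not client.introspection_enabled:
        return None
    if reject_empty_secret and not client_secret:
        # Hypothetical strict check that yields the reported Actual Result.
        return None
    # Compare against the *registered* secret in constant time. An empty
    # secret only matches a client that was registered without one.
    if hmac.compare_digest(client.client_secret.encode(),
                           (client_secret or "").encode()):
        return client
    return None


def introspect(form, reject_empty_secret=False):
    """Model of POST /o/oauth2/introspect with form-encoded parameters."""
    client = authenticate(form.get("client_id", ""),
                          form.get("client_secret", ""),
                          reject_empty_secret)
    if client is None:
        return {"error": "unauthorized_client"}
    # Assumed policy: a client learns only about tokens issued to itself.
    if TOKENS.get(form.get("token", "")) != client.client_id:
        return {"active": False}
    return {"active": True, "client_id": client.client_id}
```

The point to verify in any fix for this issue is the third case: accepting an empty secret has to depend on how the client was registered, not on the secret being absent from the request.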
      

              People

              Assignee:
              marta.medio Marta Medio (Inactive)
              Reporter:
              tomas.polesovsky Tomáš Polešovský
              Recent user:
              Clarissa Velazquez
              Engineering Assignee:
              Tomáš Polešovský

                Dates

                Days since last comment:
                21 weeks, 3 days ago

                  Packages

                  Version Package
                  7.2.10 DXP FP13
                  7.2.X
                  7.3.7 CE GA8
                  7.3.10 DXP FP2
                  7.3.X
                  7.4.1 CE GA2 DXP 7,4
                  Master