[LPS-131573] OAuth2 Token Introspection it's not working - Liferay Issues

XML

Word

Printable

Details

Type: Regression Bug
Status: Closed
Resolution: Fixed
Affects Version/s: Master
Fix Version/s: 7.4.1 CE GA2, Master
Component/s: Application Security > OAuth2
Labels:
- backend_test
- pt-upgrade-review

Fix Priority:
4
Last Working Version:

7.3.6 CE GA7
Sprint:
AppSec Iteration 62
Git Pull Request:
https://github.com/liferay-appsec/liferay-portal/pull/352

Description

Steps to reproduce:

Create new OAuth2 application
Edit the OAuth2 app and check Token Introspection checkbox
Obtain access token using http://martamedio.com/oauth2-tester/

Try to Inspect the token using the previous tool or execute from cmd line (set correct client_id, client_secret and token values):

curl 'http://localhost:8080/o/oauth2/introspect' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  --data 'client_id=XX' \
  --data 'client_secret=XX' \
  --data 'token=7b47179c5dc6dd43bb4d46b5ea47bae0cbf4b04f999b50a255bad7d988725' \
  --compressed

Expected Result: Server returns information about the token
Actual Result: Server returns error message

Attachments

Issue Links

is related to

LPS-130869 OAuth2 token introspection fails with empty client_secret for PKCE applications

Resolved

Activity

People

Assignee:: Marcell Weller

Reporter:: Marta Medio (Inactive)

Participants of an Issue:: Marcell Weller, Marta Medio

Recent user:: Brian Wulbern

Engineering Assignee:: Marta Medio (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 04/May/21 2:28 AM

Updated:: 20/Jun/21 6:24 PM

Resolved:: 11/May/21 12:52 PM

Days since last comment:: 22 weeks, 2 days ago

Packages

Version	Package
7.4.1 CE GA2	DXP 7,4
Master