  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-92399

OAuth2 service invocation with an expired token generates a text/html response

    Details

    • Type: Bug
    • Status: Closed
    • Resolution: Duplicate
    • Affects Version/s: 7.1.10.1 SP1
    • Fix Version/s: None
    • Labels:
      None

      Description

      Invoking a JAX-RS endpoint with an expired token generates a 403 HTTP error response with content type text/html instead of application/json

      Curl output (invoking an endpoint with a token obtained by a resource owner password credentials oauth2 client):

      > GET /o/greetings/morning HTTP/1.1
      > Host: localhost:8080
      > User-Agent: curl/7.62.0
      > Accept: */*
      >
      
      < HTTP/1.1 403
      < X-Content-Type-Options: nosniff
      < X-Frame-Options: SAMEORIGIN
      < X-XSS-Protection: 1
      < Set-Cookie: JSESSIONID=784AB5577CF57E12197CA6A507E8F053; Path=/; HttpOnly
      < Link: <http://localhost:8080/o/api/doc rel="http://www.w3.org/ns/hydra/core#apiDocumentation">
      < Content-Type: text/html;charset=utf-8
      < Content-Language: en
      < Content-Length: 1026
      
      
      <!doctype html><html lang="en"><head><title>HTTP Status 403 - Forbidden</title><style type="text/css">h1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} h2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} h3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} body {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} b {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} p {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;} a {color:black;} a.name {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 403 - Forbidden</h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Message</b> Authorization required</p><p><b>Description</b> The server understood the request but refuses to authorize it.</p><hr class="line" /><h3>Apache Tomcat/9.0.6</h3></body></html>
      

      I would expect (see https://www.oauth.com/oauth2-servers/making-authenticated-requests/refreshing-an-access-token/) a 401 response with application/json as the content type.
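As an added illustration (not part of this report or of Liferay's code), a small Python check that parses curl's `< ` response lines and compares them against what RFC 6750 section 3.1 prescribes for an expired bearer token: a 401 status, a `WWW-Authenticate: Bearer` challenge with `error="invalid_token"`, and a JSON error body. The OBSERVED sample is abridged from the curl output above; the EXPECTED sample and its realm value are constructed.

```python
import re

# Abridged from the curl output in the report above (only the "< " response lines).
OBSERVED = """\
< HTTP/1.1 403
< X-Content-Type-Options: nosniff
< Content-Type: text/html;charset=utf-8
< Content-Language: en
< Content-Length: 1026
"""

# Constructed sample of what RFC 6750 section 3.1 prescribes for an expired token.
EXPECTED = """\
< HTTP/1.1 401
< WWW-Authenticate: Bearer realm="greetings", error="invalid_token", error_description="The access token expired"
< Content-Type: application/json
< Content-Length: 58
"""


def parse_curl_response(raw):
    """Return (status_code, {lowercased-header-name: value}) from curl's '< ' response lines."""
    status = None
    headers = {}
    for line in raw.splitlines():
        if not line.startswith("< "):
            continue
        line = line[2:].strip()
        if not line:
            continue
        m = re.match(r"HTTP/\d(?:\.\d)?\s+(\d{3})", line)
        if m:
            status = int(m.group(1))
            continue
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers


def check_expired_token_response(raw):
    """Findings for a bearer-token error response, judged against RFC 6750 section 3.1."""
    status, headers = parse_curl_response(raw)
    findings = []
    if status != 401:
        findings.append(f"status {status}: an expired or invalid token should yield 401")
    challenge = headers.get("www-authenticate", "")
    if not challenge.lower().startswith("bearer"):
        findings.append("missing WWW-Authenticate: Bearer challenge")
    elif 'error="invalid_token"' not in challenge:
        findings.append('WWW-Authenticate challenge lacks error="invalid_token"')
    media = headers.get("content-type", "").split(";")[0].strip().lower()
    if media != "application/json":
        findings.append(f"content type {media or '(none)'}: error body should be application/json")
    return findings
```

Run against OBSERVED the check reports three findings (status, missing challenge, text/html body), which is the regression a test suite for the endpoint could assert on.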
