  1. PUBLIC - OAuth2
  2. OAUTH2-233

Misleading error message when misconfiguring PKCE auth type

    Details

    • Type: Bug
    • Status: Verified
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: Master, 1.1-marketplace_7.1.0
    • Fix Version/s: None
    • Component/s: None
    • Labels: None
    • Fix Priority: 2

      Description

      When attempting to save changes to an OAuth 2 application with "PKCE Extended Authorization Code" selected as an Authorization Type AND the Client Secret populated, the form does not save and an error message appears at the top of the page. This is an expected result as a Client Secret is not supposed to be used in a PKCE flow.

      However, the error message that appears on top of the page reads:

      Error: Grant type "PKCE Extended Authorization Code" is unsupported for this client type.
      

      This message can be misleading as it implies that PKCE does not work with the Client Profile type that is selected even when Native Application is selected. The message should instead indicate that the Client Secret cannot be populated when PKCE is selected.

      Steps to reproduce:

      1. Create a new OAuth 2 app selecting "Native Application" as the Client Profile and "PKCE Extended Authorization Code" as the Allowed Authorization Type and save
      2. Enter a value in the Client Secret field and save

      Reproduced on:
      Portal master Git SHA: 209fe1d2cd5c3081e414d8301828ae5c6e751d6c
      Portal DXP 7.1 Fix Pack 3 + OAuth 2 1.1.0
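The behaviour the report asks for, sketched as an added example (not code from the portal or the OAuth 2 module): the grant-type/profile check and the Client Secret check run separately, so each error names the field that actually has to change. The profile table, the field keys `allowedGrantTypes` and `clientSecret`, and the message wording are assumptions made for illustration.

```python
from dataclasses import dataclass

PKCE = "PKCE Extended Authorization Code"

# Constructed for this example: which grant types each client profile allows.
# Only "Native Application" and the PKCE grant name come from the report.
PROFILE_GRANTS = {
    "Native Application": {PKCE},
    "Example Server Profile": {"Client Credentials"},
}


@dataclass(frozen=True)
class FieldError:
    field: str    # hypothetical key of the form field the user has to change
    message: str  # text shown at the top of the form


def validate_client(profile, grant_types, client_secret=""):
    """Return one FieldError per distinct problem, each naming its own cause."""
    errors = []
    allowed = PROFILE_GRANTS.get(profile, set())

    # Check 1: is each selected grant type permitted for this profile at all?
    for grant in grant_types:
        if grant not in allowed:
            errors.append(FieldError(
                "allowedGrantTypes",
                f'Grant type "{grant}" is unsupported for client profile "{profile}".'))

    # Check 2: independent of the profile. Whitespace-only input counts as
    # empty so a stray space in the field does not block the save.
    if PKCE in grant_types and client_secret.strip():
        errors.append(FieldError(
            "clientSecret",
            f'Client Secret must be empty when "{PKCE}" is selected.'))
    return errors


if __name__ == "__main__":
    # The configuration from the steps to reproduce, with a constructed secret.
    for err in validate_client("Native Application", [PKCE], "example-secret"):
        print(f"{err.field}: {err.message}")
```
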

            People

            • Assignee: Unassigned
            • Reporter: joshua.chong Joshua Chong