[Openid-specs-ab] Issue #133: OP-UserInfo-Body Still Fails if not supported (openid/certification)
Roshni Chandrashekhar
issues-reply at bitbucket.org
Fri Mar 27 14:51:01 UTC 2015
New issue 133: OP-UserInfo-Body Still Fails if not supported
https://bitbucket.org/openid/certification/issue/133/op-userinfo-body-still-fails-if-not
Roshni Chandrashekhar:
It appears that the test seems to be checking for a Response Code between 200 and 300:
description: Checks that the HTTP response status is within the 200 or 300 range
We return a 401 when a UserInfoRequest is made with the access token in the body:
8.829751 ------------ UserInfoRequest ------------
8.830021 --> URL: https://www.googleapis.com/oauth2/v3/userinfo
8.830027 --> BODY: access_token=ya29.QwFqBx8DZfKQZfIM6RMPLqiZo-RWiL1ppD64Fd-tQViSXJioR-S2O4upTSAR6LhaCvjUBZgwNl_CXg
8.830035 --> HEADERS: {'Content-type': 'application/x-www-form-urlencoded'}
8.905696 <-- STATUS: 401
8.905822 ErrorResponse: {
"error": "invalid_token",
"error_description": "Invalid Credentials"
}
How can we return a 200-300 ResponseCode if we do not support asking for user information by passing in POST body parameters?
Responsible: Rohe
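
The exchange reported above, modelled as an added example (not part of the original message and not the certification suite's code): a UserInfo endpoint that accepts the access token only in the Authorization header is probed with both the header method and the form-body method of RFC 6750. The endpoint, the token value and the verdict policy in `probe` are assumptions made for illustration.

```python
VALID_TOKEN = "constructed-token-123"  # constructed sample value, not a real token

def userinfo(headers, body=""):
    """Hypothetical UserInfo endpoint: honours only the Authorization header
    (RFC 6750 section 2.1) and ignores a form-encoded body token (section 2.2)."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() == "bearer" and token == VALID_TOKEN:
        return 200, {"sub": "constructed-subject"}
    return 401, {"error": "invalid_token", "error_description": "Invalid Credentials"}

def status_range_check(status):
    """The check quoted in the report: status within the 200 or 300 range."""
    return 200 <= status < 400

def probe(token):
    """Send the same token both ways and compare the outcomes."""
    header_status, _ = userinfo({"Authorization": "Bearer " + token})
    body_status, body_resp = userinfo(
        {"Content-type": "application/x-www-form-urlencoded"},
        body="access_token=" + token,
    )
    if status_range_check(body_status):
        verdict = "body method supported"
    elif status_range_check(header_status) and body_resp.get("error") == "invalid_token":
        # Assumed policy: the token is good (the header call worked), so the 401
        # means the endpoint does not read tokens from the request body.
        verdict = "body method not supported"
    else:
        verdict = "token rejected"
    return {
        "header_status": header_status,
        "body_status": body_status,
        "range_check_passes": status_range_check(body_status),
        "verdict": verdict,
    }

if __name__ == "__main__":
    print(probe(VALID_TOKEN))
```

Comparing against the header-method result is what separates an endpoint that ignores body tokens from one that rejected the token itself; the status-range check alone cannot tell the two apart.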