Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

BUG - Change expired http status code from 403 to 401 #667

Closed
rtisma opened this issue Aug 18, 2020 · 2 comments
Closed

BUG - Change expired http status code from 403 to 401 #667

rtisma opened this issue Aug 18, 2020 · 2 comments
Assignees
Labels
breaking-change Changes to the code might result in breaking-changes bug Something isn't working low Low priority to be worked on.

Comments

@rtisma
Copy link
Contributor

rtisma commented Aug 18, 2020

As per oauth spec:
https://tools.ietf.org/html/rfc6750#section-3.1

expired tokens are considered "invalid tokens" which are a 401 error
"insufficent scope" are 403 errors

This is a breaking change since the expected error is changing. Not high priority, since a 400-level error is thrown. Its just not the right type.

This applies to the JWT tests for expired aswell

@rtisma rtisma added bug Something isn't working breaking-change Changes to the code might result in breaking-changes low Low priority to be worked on. labels Aug 18, 2020
@rtisma rtisma added this to the [Future] Canarie Sprint 4 milestone Aug 18, 2020
@rtisma rtisma self-assigned this Aug 18, 2020
@gokul472 gokul472 removed this from the [Future] Canarie Sprint 4 milestone Aug 20, 2020
@leoraba leoraba assigned leoraba and unassigned rtisma Aug 3, 2023
@leoraba
Copy link
Contributor

leoraba commented Aug 3, 2023

Findings:

  • Song allows the using of expired apiKeys. issue reported in 2020 (issue Song Accepts Expired API-Keys #585 )
  • There is no validation in Song to check the expiration date of the apiKeys.
  • Song delegates the logic to validate an apiKey by calling Ego POST /o/check_api_key , said operation is not checking expiration dates on apiKeys (EGO issue #725)

@leoraba
Copy link
Contributor

leoraba commented Aug 9, 2023

Closing this issue. as the current code behaves different, as described in the previous comment.

@leoraba leoraba closed this as completed Aug 9, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
breaking-change Changes to the code might result in breaking-changes bug Something isn't working low Low priority to be worked on.
Projects
None yet
Development

No branches or pull requests

3 participants