mirror of
https://github.com/elyby/oauth2-server.git
synced 2024-11-01 16:33:07 +05:30
Merge pull request #186 from ushahidi/resource-server-correct-http-error
Send HTTP 401 for invalid_token, rather than insufficient_scope
This commit is contained in:
commit
7771bc04ec
@ -163,7 +163,7 @@ class Resource
|
||||
// include the "WWW-Authenticate" response header field
|
||||
// matching the authentication scheme used by the client.
|
||||
// @codeCoverageIgnoreStart
|
||||
if ($error === 'insufficient_scope') {
|
||||
if ($error === 'invalid_token') {
|
||||
$authScheme = null;
|
||||
$request = new Request();
|
||||
if ($request->server('PHP_AUTH_USER') !== null) {
|
||||
|
@ -38,8 +38,8 @@ class Resource_Server_test extends PHPUnit_Framework_TestCase
|
||||
public function test_getExceptionHttpHeaders()
|
||||
{
|
||||
$this->assertEquals(array('HTTP/1.1 400 Bad Request'), League\OAuth2\Server\Resource::getExceptionHttpHeaders('invalid_request'));
|
||||
$this->assertEquals(array('HTTP/1.1 401 Unauthorized'), League\OAuth2\Server\Resource::getExceptionHttpHeaders('invalid_token'));
|
||||
$this->assertContains('HTTP/1.1 403 Forbidden', League\OAuth2\Server\Resource::getExceptionHttpHeaders('insufficient_scope'));
|
||||
$this->assertContains('HTTP/1.1 401 Unauthorized', League\OAuth2\Server\Resource::getExceptionHttpHeaders('invalid_token'));
|
||||
$this->assertEquals(array('HTTP/1.1 403 Forbidden'), League\OAuth2\Server\Resource::getExceptionHttpHeaders('insufficient_scope'));
|
||||
}
|
||||
|
||||
public function test_setRequest()
|
||||
|
Loading…
Reference in New Issue
Block a user