From f34dd4a0cbd2d25e9d469248e7250ebf97c9a70a Mon Sep 17 00:00:00 2001
From: Woody Gilk
Date: Fri, 11 Jul 2014 11:59:18 -0500
Subject: [PATCH] 401 status is for invalid_token, not insufficient_scope

---
 src/League/OAuth2/Server/Resource.php | 2 +-
 tests/resource/ResourceServerTest.php | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/League/OAuth2/Server/Resource.php b/src/League/OAuth2/Server/Resource.php
index 158d9087..8eb7a91f 100644
--- a/src/League/OAuth2/Server/Resource.php
+++ b/src/League/OAuth2/Server/Resource.php
@@ -163,7 +163,7 @@ class Resource
 // include the "WWW-Authenticate" response header field
 // matching the authentication scheme used by the client.
 // @codeCoverageIgnoreStart
- if ($error === 'insufficient_scope') {
+ if ($error === 'invalid_token') {
 $authScheme = null;
 $request = new Request();
 if ($request->server('PHP_AUTH_USER') !== null) {
diff --git a/tests/resource/ResourceServerTest.php b/tests/resource/ResourceServerTest.php
index 326f3f03..29ccd268 100644
--- a/tests/resource/ResourceServerTest.php
+++ b/tests/resource/ResourceServerTest.php
@@ -38,8 +38,8 @@ class Resource_Server_test extends PHPUnit_Framework_TestCase
 public function test_getExceptionHttpHeaders()
 {
 $this->assertEquals(array('HTTP/1.1 400 Bad Request'), League\OAuth2\Server\Resource::getExceptionHttpHeaders('invalid_request'));
- $this->assertEquals(array('HTTP/1.1 401 Unauthorized'), League\OAuth2\Server\Resource::getExceptionHttpHeaders('invalid_token'));
- $this->assertContains('HTTP/1.1 403 Forbidden', League\OAuth2\Server\Resource::getExceptionHttpHeaders('insufficient_scope'));
+ $this->assertContains('HTTP/1.1 401 Unauthorized', League\OAuth2\Server\Resource::getExceptionHttpHeaders('invalid_token'));
+ $this->assertEquals(array('HTTP/1.1 403 Forbidden'), League\OAuth2\Server\Resource::getExceptionHttpHeaders('insufficient_scope'));
 }

 public function test_setRequest()
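Review bot: The 401 branch entered by `if ($error === 'invalid_token') {` starts from `$authScheme = null` and takes the scheme from what the client sent (`PHP_AUTH_USER`), so a request with no recognisable credentials may get a 401 with no `WWW-Authenticate` challenge at all. HTTP requires a challenge on every 401, and RFC 6750 section 3 requires it for bearer-protected resources. The block continues outside the hunk, so this is inferred from the three visible lines; if the scheme can stay null, default it before the header is built, for example `$authScheme = $authScheme ?: 'Bearer';`. A comment above the condition such as `// RFC 6750 3.1: invalid_token -> 401 plus challenge; insufficient_scope -> 403` would record why this error code is the one named here.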
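Review bot: The `invalid_token` assertion in `test_getExceptionHttpHeaders()` was loosened from `assertEquals` to `assertContains`, so the test now passes whether or not a `WWW-Authenticate` entry accompanies the 401 status line. The code that builds that entry sits under `@codeCoverageIgnoreStart` in Resource.php, which leaves the challenge header, the security-relevant part of this response, unchecked by any test visible here. Consider adding a case that supplies client credentials and asserts the challenge entry is present, taking the expected header string from Resource.php. The strict `assertEquals(array('HTTP/1.1 403 Forbidden'), ...)` for `insufficient_scope` is worth keeping as is, since it pins that no challenge is sent on 403.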