Merge pull request #186 from ushahidi/resource-server-correct-http-error
Send HTTP 401 for invalid_token, rather than insufficient_scope
commit
7771bc04ec
@ -163,7 +163,7 @@ class Resource
|
|||||||
// include the "WWW-Authenticate" response header field
|
// include the "WWW-Authenticate" response header field
|
||||||
// matching the authentication scheme used by the client.
|
// matching the authentication scheme used by the client.
|
||||||
// @codeCoverageIgnoreStart
|
// @codeCoverageIgnoreStart
|
||||||
if ($error === 'insufficient_scope') {
|
if ($error === 'invalid_token') {
|
||||||
$authScheme = null;
|
$authScheme = null;
|
||||||
$request = new Request();
|
$request = new Request();
|
||||||
if ($request->server('PHP_AUTH_USER') !== null) {
|
if ($request->server('PHP_AUTH_USER') !== null) {
|
||||||
|
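Review bot: The comment above `if ($error === 'invalid_token')` still does not name the error the challenge applies to or say why, which may be how the wrong error code ended up in this condition. RFC 6750 section 3 requires the `WWW-Authenticate` header on the 401 returned for an invalid token, so a line such as `// RFC 6750 s3: the 401 for invalid_token must carry WWW-Authenticate` directly above the condition would pin the intent. The branch sits inside `@codeCoverageIgnoreStart` and builds `new Request()` itself, so nothing in the test suite exercises the header it emits. The enclosing method starts and ends outside this hunk, so the scheme selection after the `PHP_AUTH_USER` check is not visible here.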
@ -38,8 +38,8 @@ class Resource_Server_test extends PHPUnit_Framework_TestCase
|
|||||||
public function test_getExceptionHttpHeaders()
|
public function test_getExceptionHttpHeaders()
|
||||||
{
|
{
|
||||||
$this->assertEquals(array('HTTP/1.1 400 Bad Request'), League\OAuth2\Server\Resource::getExceptionHttpHeaders('invalid_request'));
|
$this->assertEquals(array('HTTP/1.1 400 Bad Request'), League\OAuth2\Server\Resource::getExceptionHttpHeaders('invalid_request'));
|
||||||
$this->assertEquals(array('HTTP/1.1 401 Unauthorized'), League\OAuth2\Server\Resource::getExceptionHttpHeaders('invalid_token'));
|
$this->assertContains('HTTP/1.1 401 Unauthorized', League\OAuth2\Server\Resource::getExceptionHttpHeaders('invalid_token'));
|
||||||
$this->assertContains('HTTP/1.1 403 Forbidden', League\OAuth2\Server\Resource::getExceptionHttpHeaders('insufficient_scope'));
|
$this->assertEquals(array('HTTP/1.1 403 Forbidden'), League\OAuth2\Server\Resource::getExceptionHttpHeaders('insufficient_scope'));
|
||||||
}
|
}
|
||||||
|
|
||||||
public function test_setRequest()
|
public function test_setRequest()
|
||||||
|
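Review bot: The `invalid_token` assertion was loosened to `assertContains`, which passes whether or not a `WWW-Authenticate` entry is returned, so the behaviour this commit fixes is not pinned by the test. Since the header branch in `Resource` appears to depend on request state, the test would need to supply credentials that the scheme detection recognises (presumably through `$_SERVER['PHP_AUTH_USER']`, to be confirmed against `Request`) and then check the challenge, for example `$this->assertNotEmpty(preg_grep('/^WWW-Authenticate:/', $headers));` with `$headers` holding the returned array. The exact-match assertion on `insufficient_scope` does guard against the 403 regaining the header.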