node-oauth2-server

Wrong error message when invalid request for password grant

Open lemagicien00 opened this issue 5 years ago • 0 comments

When I request an access token with the 'password' grant and requireClientAuthentication set to false, if the 'grant_type' parameter is missing or invalid, I get the following error message:

{
    "error": "invalid_client",
    "error_description": "Invalid client: cannot retrieve client credentials"
}

But we should receive the following error messages:

//For missing grant type
{
    "error": "invalid_request",
    "error_description": "Missing parameter: `grant_type`"
}
//For invalid grant type
{
    "error": "unsupported_grant_type",
    "error_description": "Unsupported grant type: `grant_type` is invalid"
}

The cause: the module calls 'getClientCredentials' before grant type verification. And during this test

if (!this.isClientAuthenticationRequired(grantType))

the isClientAuthenticationRequired function returns true, which implies a client verification via client id and client secret. And as in this case only the 'client_id' is provided, this causes the 'invalid_client' error to be returned.

Best regards.

lemagicien00 · Nov 06 '20 02:11
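The ordering problem described in this issue, as an added example that is not part of the original post and not node-oauth2-server's own code. It is a simplified model: `validateClientFirst`, `validateGrantTypeFirst`, `checkClient` and `checkGrantType` are hypothetical names, `isClientAuthenticationRequired` is a stand-in named after the function quoted above, and the configuration and requests are constructed.

```javascript
// Added illustration; simplified model, not node-oauth2-server's source.
// Constructed configuration: password grant with client authentication disabled.
const SUPPORTED_GRANTS = new Set(['password', 'refresh_token']);
const requireClientAuthentication = { password: false };

function oauthError(error, description) {
  return { error, error_description: description };
}

// Client auth is required unless explicitly disabled for this grant type.
// A missing or unknown grantType therefore falls through to "required".
function isClientAuthenticationRequired(grantType) {
  return requireClientAuthentication[grantType] !== false;
}

function checkClient(body) {
  if (!body.client_id) return oauthError('invalid_request', 'Missing parameter: `client_id`');
  if (isClientAuthenticationRequired(body.grant_type) && !body.client_secret) {
    return oauthError('invalid_client', 'Invalid client: cannot retrieve client credentials');
  }
  return null;
}

function checkGrantType(body) {
  if (!body.grant_type) return oauthError('invalid_request', 'Missing parameter: `grant_type`');
  if (!SUPPORTED_GRANTS.has(body.grant_type)) {
    return oauthError('unsupported_grant_type', 'Unsupported grant type: `grant_type` is invalid');
  }
  return null;
}

// Order reported in the issue: client credentials are checked first.
function validateClientFirst(body) {
  return checkClient(body) || checkGrantType(body) || { ok: true };
}

// Order that yields the expected errors: grant type is checked first.
function validateGrantTypeFirst(body) {
  return checkGrantType(body) || checkClient(body) || { ok: true };
}

// Constructed sample requests from a client that sends no client_secret.
const missing = { client_id: 'app', username: 'u', password: 'p' };
const invalid = { ...missing, grant_type: 'bogus' };
const valid = { ...missing, grant_type: 'password' };
for (const body of [missing, invalid, valid]) {
  console.log(validateClientFirst(body).error, '->', validateGrantTypeFirst(body).error);
}
```

With the client check first, both malformed requests are reported as `invalid_client`, which hides the real parameter problem from the caller; a valid password-grant request passes under either ordering.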