
Introspection with Bearer fails - principal is not assignable to OAuth2ClientAuthenticationToken

Open wheredoipressnow opened this issue 3 years ago • 0 comments

Introspection calls with a bearer token fail with an invalid client error. In the OAuth2TokenIntrospectionAuthenticationProvider the call to getAuthenticatedClientElseThrowInvalidClient fails: JwtAuthenticationToken is not assignable to OAuth2ClientAuthenticationToken.

I would expect that a) the introspection is handled. A bearer token could be accepted if the token used for authentication is not the same as the one to be inspected (rfc7662#section-2.1),

or alternatively

b) the error message is more specific than 'invalid client' (especially since the client is successfully authenticated at this moment)

wheredoipressnow · Aug 10 '22 05:08
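As an added illustration (not Spring Authorization Server code and not part of the issue above), the following models the caller-authentication step that RFC 7662 section 2.1 requires of an introspection endpoint, in the shape the report asks for: the caller may authenticate either with client credentials (client_secret_basic) or with a bearer access token, a bearer token is refused when it is the very token being introspected, and the two failure modes get the distinct errors the RFCs assign them (`invalid_client` per RFC 6749 section 5.2 for failed client authentication, `invalid_token` with a `WWW-Authenticate: Bearer` challenge per RFC 6750 section 3 for a bad bearer token). The token store, client secrets and token strings are constructed sample data.

```python
import base64
import hmac
from typing import Optional
from urllib.parse import parse_qs

# Constructed sample data: an in-memory token store and client secrets.
# A real server would consult its token repository and client registration.
TOKENS = {
    "tok-a-1": {"client_id": "client-a", "active": True, "scope": "read"},
    "tok-a-2": {"client_id": "client-a", "active": True, "scope": "write"},
    "tok-b-expired": {"client_id": "client-b", "active": False, "scope": "read"},
}
CLIENT_SECRETS = {"client-a": "secret-a", "client-b": "secret-b"}


def basic_header(client_id: str, secret: str) -> str:
    """Build a client_secret_basic Authorization header value (RFC 6749 2.3.1)."""
    return "Basic " + base64.b64encode(f"{client_id}:{secret}".encode()).decode()


def parse_form(body: str) -> dict:
    """Parse an application/x-www-form-urlencoded body into single values."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def authenticate_caller(headers: dict, form: dict) -> tuple[Optional[str], Optional[str]]:
    """Return (caller_client_id, error) for an introspection request.

    error is None on success, "invalid_client" when client credentials were
    missing or wrong, and "invalid_token" when a bearer token was presented but
    is unknown, inactive, or identical to the token under introspection.
    """
    scheme, _, credential = headers.get("Authorization", "").partition(" ")
    scheme = scheme.lower()

    if scheme == "basic":
        try:
            client_id, _, secret = base64.b64decode(credential).decode().partition(":")
        except (ValueError, UnicodeDecodeError):
            return None, "invalid_client"
        expected = CLIENT_SECRETS.get(client_id)
        # Constant-time comparison; compare against a dummy when the client is unknown
        # so timing does not reveal which client_ids exist.
        ok = hmac.compare_digest((expected or "").encode(), secret.encode())
        return (client_id, None) if expected is not None and ok else (None, "invalid_client")

    if scheme == "bearer":
        record = TOKENS.get(credential)
        if record is None or not record["active"]:
            return None, "invalid_token"
        # RFC 7662 2.1: the token used to authenticate must not be the token
        # being introspected, otherwise any token holder could introspect it.
        if hmac.compare_digest(credential.encode(), form.get("token", "").encode()):
            return None, "invalid_token"
        return record["client_id"], None

    # No recognised caller authentication at all.
    return None, "invalid_client"


def introspect(headers: dict, body: str) -> dict:
    """Handle one introspection request; returns {"status", "headers", "body"}."""
    form = parse_form(body)
    caller, error = authenticate_caller(headers, form)
    if error == "invalid_client":
        return {"status": 401, "headers": {"WWW-Authenticate": "Basic"},
                "body": {"error": "invalid_client"}}
    if error == "invalid_token":
        return {"status": 401,
                "headers": {"WWW-Authenticate": 'Bearer error="invalid_token"'},
                "body": {"error": "invalid_token"}}

    record = TOKENS.get(form.get("token", ""))
    # RFC 7662 2.2: unknown, revoked or expired tokens all yield {"active": false}
    # so the endpoint does not leak which of those is the case.
    if record is None or not record["active"]:
        return {"status": 200, "headers": {}, "body": {"active": False}}
    return {"status": 200, "headers": {},
            "body": {"active": True, "client_id": record["client_id"],
                     "scope": record["scope"], "introspected_by": caller}}
```

The `introspected_by` field is only there to show which caller the request was attributed to; a production endpoint would instead use the caller identity to decide whether that resource server is allowed to see the token at all.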