OAuth2 policy is not failing when we pass different grant_type


I have implemented OAuth2 client_credentials grant type functionality. But when I pass a different grant type (let's say password or any invalid value), the policy is not failing. This happens when we disable GrantTypeResponse (<GenerateResponse enabled="false"/>). The policy should have failed and reached the fault flow, as it does when we pass invalid basic auth. Is this a bug or expected behavior?

The proxy code is attached.

token-management-api-rev3-2018-03-20.zip


sidd-harth

Hi @Sujnana Rai, I have checked it using a sample OAuth proxy & I can reproduce the issue. I am not sure if it's a bug or expected behaviour.

If you want to enter the fault flow, as a workaround use a RaiseFault before OAuth and add a Condition to raise a fault if grant_type does not equal client_credentials.

6606-oauth-raisefault.jpg
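The workaround described in this reply, written out as an added example (not the attached proxy or the screenshot above): a RaiseFault policy and a proxy flow step that runs it before the OAuthV2 policy whenever the posted grant_type is anything other than client_credentials. The policy names, the /token path and the JSON error payload are assumptions chosen for the example.

```xml
<!-- policies/RF-InvalidGrantType.xml (name assumed for the example) -->
<RaiseFault name="RF-InvalidGrantType">
  <DisplayName>RF-InvalidGrantType</DisplayName>
  <FaultResponse>
    <Set>
      <Headers/>
      <!-- error code wording follows RFC 6749; the payload text itself is an example -->
      <Payload contentType="application/json">{"error":"unsupported_grant_type","error_description":"only client_credentials is supported"}</Payload>
      <StatusCode>400</StatusCode>
      <ReasonPhrase>Bad Request</ReasonPhrase>
    </Set>
  </FaultResponse>
  <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
</RaiseFault>

<!-- Fragment of proxies/default.xml: the RaiseFault step must precede the OAuthV2 step.
     "OAuthV2-GenerateAccessToken" is an assumed name for the existing token policy. -->
<Flow name="GenerateToken">
  <Condition>(proxy.pathsuffix MatchesPath "/token") and (request.verb = "POST")</Condition>
  <Request>
    <Step>
      <Name>RF-InvalidGrantType</Name>
      <!-- request.formparam.grant_type is the same form parameter the OAuthV2 policy reads.
           An absent grant_type also fails this comparison and raises the fault. -->
      <Condition>request.formparam.grant_type != "client_credentials"</Condition>
    </Step>
    <Step>
      <Name>OAuthV2-GenerateAccessToken</Name>
    </Step>
  </Request>
</Flow>
```

Because RaiseFault transfers control to the proxy's FaultRules, the same DefaultFaultRule that handles the invalid basic-auth case will also handle the bad grant_type.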

Yes, we already implemented this. I just wanted to check whether this is a bug or expected behavior. Thanks.