I have implemented OAuth2 client_credentials grant type functionality. But when I pass a different grant type (let's say password or any invalid value), the policy is not failing. This is happening when we disable GrantTypeResponse (<GenerateResponse enabled="false"/>). The policy should have failed and reached the fault flow, like when we pass invalid basic auth. Is this a bug or expected behavior?
The proxy code is attached.
Hi @Sujnana Rai, I have checked it using a sample OAuth proxy & I can reproduce the issue. I am not sure if it's a bug or expected behaviour.
If you want to enter the fault flow, as a workaround use a Raise Fault before OAuth & add a Condition to raise a fault if grant_type is not equal to client_credentials.
Yes, we already implemented this. I just wanted to check whether this is a bug or expected behavior. Thanks.
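The workaround suggested in the reply above, sketched as Apigee policy XML. This is an added example, not the attached proxy or either poster's code; the policy names RF-UnsupportedGrantType and OA-GenerateAccessToken are hypothetical, and it assumes the grant type arrives as the grant_type form parameter.

```xml
<!-- Policy file (hypothetical name): RF-UnsupportedGrantType.xml -->
<!-- Returns the RFC 6749 section 5.2 error for a grant type this endpoint does not serve. -->
<RaiseFault name="RF-UnsupportedGrantType">
  <FaultResponse>
    <Set>
      <StatusCode>400</StatusCode>
      <ReasonPhrase>Bad Request</ReasonPhrase>
      <Payload contentType="application/json">{"error":"unsupported_grant_type"}</Payload>
    </Set>
  </FaultResponse>
  <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
</RaiseFault>

<!-- Request flow of the token endpoint: the guard runs before the OAuthV2 policy. -->
<Request>
  <Step>
    <Name>RF-UnsupportedGrantType</Name>
    <!-- Fires when grant_type is missing or is anything other than client_credentials. -->
    <Condition>(request.formparam.grant_type = null) or (request.formparam.grant_type != "client_credentials")</Condition>
  </Step>
  <Step>
    <!-- Hypothetical name for the existing OAuthV2 GenerateAccessToken policy. -->
    <Name>OA-GenerateAccessToken</Name>
  </Step>
</Request>
```

If the OAuthV2 policy reads the grant type from somewhere else, the Condition must check that same variable, otherwise the guard and the policy can disagree about what the client sent.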