
  • token expiration: 'covered' by another exception

    In my resource server, when DefaultTokenService.loadAuthentication() checks the access token and notices that it has expired, it throws InvalidTokenException with the message "Access token expired".

    But then, when it is caught by the OAuthRestTemplate, it throws a brand-new OAuth2AccessDeniedException with the message "Invalid token for client...". No trace of the token expiration ... the user will have no knowledge of why the token has no access.

    Is it a bug?

  • #2
    Maybe. My argument against is just that the OAuth2RestTemplate should try to re-authenticate if it gets an OAuth2AccessDeniedException so it really shouldn't matter what the underlying problem was. It only retries once. So if you can think of a scenario where the second failure should reveal the detail of the expiry then maybe we should talk about it in JIRA.
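
The retry-once behaviour discussed in this thread, as an added example that is not part of either post and is not Spring Security OAuth's own code. Every class and method name here is a stand-in, and the tokens are constructed samples; the point is that the wrapper can keep the generic message while chaining the original failure as its cause.

```java
// Added illustration: stand-in classes, not Spring Security OAuth's own code.
import java.util.function.Supplier;

public class RetryOnceDemo {
    // Stand-in for the resource server's "Access token expired" failure.
    static class TokenRejected extends RuntimeException {
        TokenRejected(String msg) { super(msg); }
    }
    // Stand-in for the client-side wrapper; keeps the original as its cause.
    static class AccessDenied extends RuntimeException {
        AccessDenied(String msg, Throwable cause) { super(msg, cause); }
    }

    interface Call<T> { T with(String token); }

    // Try the cached token; on rejection obtain a fresh one and retry exactly once.
    static <T> T execute(String cached, Supplier<String> freshToken, Call<T> call) {
        try {
            return call.with(cached);
        } catch (TokenRejected first) {
            try {
                return call.with(freshToken.get());
            } catch (TokenRejected second) {
                // Second failure: generic message outward, detail kept in the cause chain.
                throw new AccessDenied("Invalid token for client", second);
            }
        }
    }

    // Walk the cause chain to the innermost message, e.g. for a log line.
    static String rootReason(Throwable t) {
        while (t.getCause() != null) t = t.getCause();
        return t.getMessage();
    }

    public static void main(String[] args) {
        Call<String> resource = token -> {
            if (token.startsWith("expired")) throw new TokenRejected("Access token expired");
            return "ok with " + token;
        };
        // Constructed sample tokens: the first call recovers, the second fails twice.
        System.out.println(execute("expired-1", () -> "fresh-2", resource));
        try {
            execute("expired-1", () -> "expired-2", resource);
        } catch (AccessDenied e) {
            System.out.println(e.getMessage() + " / cause: " + rootReason(e));
        }
    }
}
```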