-
-
Notifications
You must be signed in to change notification settings - Fork 358
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Non-conformant error responses #525
Comments
Yes, I can. Should we remove So should I use my proposed syntax with |
I think we can keep
I think it is more standard to have a dot as a delimiter for OAuth2 error messages but if it makes more sense (from a language point) to have |
I can try dot. Probably in both cases there will be some error message combinations which will be strange to read for a human because of wrong way how things got combined. In go I have seen that errors get combined with |
We can of course also modify the hint messages so that they become easier to read! |
That I will leave to you. :-) If you want to take a stab at it. Probably we should go over all of them and check. Also you should remove any |
Fair enough ;) |
@mitar since I am working on this anyways right now, I can also just give it a shot if that's ok for you! |
Sure. |
So it looks like newlines are ok, the only character not allowed but being used is |
Replace LF and quotes with `.` and `'` to match allowed and recommended character set defined in various RFCs. Closes #525
Replace LF and quotes with `.` and `'` to match allowed and recommended character set defined in various RFCs. Closes #525
Replace LF and quotes with `.` and `'` to match allowed and recommended character set defined in various RFCs. Closes #525
Describe the bug
We recently changed the way
error_description
and other error fields are generated. This unfortunately caused two warnings and one failure in the OpenID Connect Conformity Test Suite, specifically theoidcc-response-type-missing
test.To Reproduce
The full test log can be seen here: test-log-oidcc-response-type-missing-client_secret_basic-discovery-code-default-dynamic_client-8XprPDGkiQ09O8v.zip
WARNING:
error_hint
is unexpectedI think this can be ignored
WARNING:
error_hint
is unexpectedI think this can be ignored
WARNING error_description has CR LF or TAB
This should be fixed
ERROR invalid characters in error_description
Expected behavior
The test should pass.
Environment
ORY Fosite
v0.34.1
Additional context
/cc @mitar could you take a look maybe?
The text was updated successfully, but these errors were encountered: