fix(jans-auth-server): introspection endpoint returns error for valid…

… basic client authentication and invalid token #9093 (#9114) Signed-off-by: YuriyZ <[email protected]>
JanssenProject · Aug 5, 2024 · 480ee64 · 480ee64
1 parent 8f86cb8
commit 480ee64
Showing 1 changed file with 14 additions and 3 deletions.
diff --git a/...r/server/src/main/java/io/jans/as/server/introspection/ws/rs/IntrospectionWebService.java b/...r/server/src/main/java/io/jans/as/server/introspection/ws/rs/IntrospectionWebService.java
@@ -126,8 +126,18 @@ private AuthorizationGrant validateAuthorization(String authorization, String to
             final Pair<AuthorizationGrant, Boolean> pair = getAuthorizationGrant(authorization, token);
             final AuthorizationGrant authorizationGrant = pair.getFirst();
             if (authorizationGrant == null) {
-                log.error("Authorization grant is null.");
-                throw new WebApplicationException(Response.status(Response.Status.UNAUTHORIZED).type(MediaType.APPLICATION_JSON_TYPE).entity(errorResponseFactory.errorAsJson(AuthorizeErrorResponseType.ACCESS_DENIED, "Authorization grant is null.")).build());
+                log.debug("Authorization grant is null.");
+                if (isTrue(pair.getSecond())) {
+                    log.debug("Returned {\"active\":false.");
+                    throw new WebApplicationException(Response.status(Response.Status.OK)
+                            .entity("{\"active\":false")
+                            .type(MediaType.APPLICATION_JSON_TYPE)
+                            .build());
+                }
+                throw new WebApplicationException(Response.status(Response.Status.UNAUTHORIZED)
+                        .type(MediaType.APPLICATION_JSON_TYPE)
+                        .entity(errorResponseFactory.errorAsJson(AuthorizeErrorResponseType.ACCESS_DENIED, "Authorization grant is null."))
+                        .build());
             }
 
             final AbstractToken authorizationAccessToken = authorizationGrant.getAccessToken(tokenService.getToken(authorization));
@@ -334,8 +344,9 @@ private Pair<AuthorizationGrant, Boolean> isBasicTokenValid(String authorization
             }
             return new Pair<>(grant, true);
         } else {
-            if (log.isTraceEnabled())
+            if (log.isTraceEnabled()) {
                 log.trace("Failed to perform basic authentication for client: {}", clientId);
+            }
         }
         return EMPTY;
     }