Title
403 error when client sends an invalid token (expired, format error, etc.)
Summary
Gogatekeeper responds with a 403 error
Environment
Any version of GogateKeeper
Expected Results
Send a 401 error when the client sends an invalid token, instead of 403
Actual Results
Steps to reproduce
Option no-redirects: true
and send any header, like Authorization: Bearer xxxxxxx
Additional Information
RFC https://datatracker.ietf.org/doc/html/rfc6750#section-3.1
invalid_token
The access token provided is expired, revoked, malformed, or
invalid for other reasons. The resource SHOULD respond with
the HTTP 401 (Unauthorized) status code. The client MAY
request a new access token and retry the protected resource
request.
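
The status mapping the report asks for, following RFC 6750 section 3.1, as an added Go example that is not Gogatekeeper's code. The `known` token table, the two error values, the `decide` and `guard` names and the `api` realm are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"strings"
)

// Hypothetical verifier outcomes; a real proxy derives these from token validation.
var errInvalidToken = errors.New("expired, revoked or malformed token")
var errInsufficient = errors.New("valid token without the required scope")

// known is constructed sample data; any token not listed counts as invalid.
var known = map[string]error{"good": nil, "lowpriv": errInsufficient}

// decide maps an Authorization header to a status and WWW-Authenticate challenge (RFC 6750 section 3).
func decide(authz string) (int, string) {
	if !strings.HasPrefix(authz, "Bearer ") {
		return http.StatusUnauthorized, `Bearer realm="api"` // no credentials: bare challenge
	}
	err, ok := known[strings.TrimPrefix(authz, "Bearer ")]
	if !ok {
		err = errInvalidToken
	}
	switch {
	case errors.Is(err, errInvalidToken):
		return http.StatusUnauthorized, `Bearer realm="api", error="invalid_token"`
	case errors.Is(err, errInsufficient):
		return http.StatusForbidden, `Bearer realm="api", error="insufficient_scope"`
	}
	return http.StatusOK, ""
}

// guard answers the request itself (no redirect to a login page) or passes it upstream.
func guard(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if code, challenge := decide(r.Header.Get("Authorization")); code != http.StatusOK {
			w.Header().Set("WWW-Authenticate", challenge)
			w.WriteHeader(code)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	fmt.Println(decide("Bearer xxxxxxx")) // the header from the report
}
```

With this mapping 403 is reserved for a token that validates but lacks the required scope, so a client can tell "refresh the token and retry" apart from "access denied".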