Spring-security-oauth: NullPointerException if refresh_token not set

Created on 6 Jan 2017  ·  1Comment  ·  Source: spring-projects/spring-security-oauth

I did a mistake in one of my clients and forget to set the refresh_token.
I use oauth2 within spring-boot version 1.4.2.RELEASE. I try to get an access-token with a refresh-token but do not set the refresh token:
Request:
---> POST http://XXX/oauth/token HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Accept: application/json
Content-Length: 24
Authorization: Basic XXX

grant_type=refresh_token

Response:
<--- HTTP/1.1 500 (78ms)
Transfer-Encoding: chunked
X-Frame-Options: DENY
Cache-Control: no-store
X-Content-Type-Options: nosniff
Connection: close
Pragma: no-cache
X-XSS-Protection: 1; mode=block
X-Application-Context: XXX
Date: Fri, 06 Jan 2017 12:36:41 GMT
Content-Type: application/json;charset=UTF-8

{"error":"server_error","error_description":null}

I think it would be better if the code would be 400 with the description “refresh token not present” or similar. That would have helped me.

oauth2 bug

Most helpful comment

>All comments

Was this page helpful?
0 / 5 - 0 ratings