commit 2c0f25cbe7df11678fd8a1bab917b6039bb5e941
parent d55e060c6131f135478f62daee643b473c47054e
Author: Christian Grothoff <grothoff@gnunet.org>
Date: Tue, 14 Jul 2026 19:32:06 +0200
fix HTTP status code mismatch with oauth2 spec
Diffstat:
1 file changed, 18 insertions(+), 20 deletions(-)
diff --git a/src/challenger/challenger-httpd_token.c b/src/challenger/challenger-httpd_token.c
@@ -409,7 +409,7 @@ CH_handler_token (struct CH_HandlerContext *hc,
GNUNET_break_op (0);
return CH_reply_with_oauth_error (
hc->connection,
- MHD_HTTP_UNAUTHORIZED,
+ MHD_HTTP_BAD_REQUEST,
"invalid_grant",
TALER_EC_CHALLENGER_CLIENT_FORBIDDEN_BAD_CODE,
NULL);
@@ -641,7 +641,7 @@ CH_handler_token (struct CH_HandlerContext *hc,
GNUNET_free (encoded_hash);
return CH_reply_with_oauth_error (
hc->connection,
- MHD_HTTP_UNAUTHORIZED,
+ MHD_HTTP_BAD_REQUEST,
"invalid_grant",
TALER_EC_CHALLENGER_CLIENT_FORBIDDEN_BAD_CODE,
"code_verifier does not match code_challenge (SHA256)");
@@ -650,24 +650,22 @@ CH_handler_token (struct CH_HandlerContext *hc,
}
break;
case CHALLENGER_CM_PLAIN:
+ if (0 != ct_strcmp (bc->code_verifier,
+ code_challenge))
{
- if (0 != ct_strcmp (bc->code_verifier,
- code_challenge))
- {
- GNUNET_break_op (0);
- json_decref (address);
- GNUNET_free (client_scope);
- GNUNET_free (client_secret);
- GNUNET_free (client_redirect_uri);
- GNUNET_free (client_state);
- GNUNET_free (code_challenge);
- return CH_reply_with_oauth_error (
- hc->connection,
- MHD_HTTP_UNAUTHORIZED,
- "invalid_grant",
- TALER_EC_CHALLENGER_CLIENT_FORBIDDEN_BAD_CODE,
- "code_verifier does not match code_challenge (PLAIN)");
- }
+ GNUNET_break_op (0);
+ json_decref (address);
+ GNUNET_free (client_scope);
+ GNUNET_free (client_secret);
+ GNUNET_free (client_redirect_uri);
+ GNUNET_free (client_state);
+ GNUNET_free (code_challenge);
+ return CH_reply_with_oauth_error (
+ hc->connection,
+ MHD_HTTP_BAD_REQUEST,
+ "invalid_grant",
+ TALER_EC_CHALLENGER_CLIENT_FORBIDDEN_BAD_CODE,
+ "code_verifier does not match code_challenge (PLAIN)");
}
break;
case CHALLENGER_CM_UNKNOWN:
@@ -721,7 +719,7 @@ CH_handler_token (struct CH_HandlerContext *hc,
GNUNET_free (code);
return CH_reply_with_oauth_error (
hc->connection,
- MHD_HTTP_UNAUTHORIZED,
+ MHD_HTTP_BAD_REQUEST,
"invalid_grant",
TALER_EC_CHALLENGER_CLIENT_FORBIDDEN_BAD_CODE,
"code");