challenger

OAuth 2.0-based authentication service that validates user can receive messages at a certain address
Log | Files | Refs | Submodules | README | LICENSE

commit 2c0f25cbe7df11678fd8a1bab917b6039bb5e941
parent d55e060c6131f135478f62daee643b473c47054e
Author: Christian Grothoff <grothoff@gnunet.org>
Date:   Tue, 14 Jul 2026 19:32:06 +0200

fix HTTP status code mismatch with oauth2 spec

Diffstat:
Msrc/challenger/challenger-httpd_token.c | 38++++++++++++++++++--------------------
1 file changed, 18 insertions(+), 20 deletions(-)

diff --git a/src/challenger/challenger-httpd_token.c b/src/challenger/challenger-httpd_token.c @@ -409,7 +409,7 @@ CH_handler_token (struct CH_HandlerContext *hc, GNUNET_break_op (0); return CH_reply_with_oauth_error ( hc->connection, - MHD_HTTP_UNAUTHORIZED, + MHD_HTTP_BAD_REQUEST, "invalid_grant", TALER_EC_CHALLENGER_CLIENT_FORBIDDEN_BAD_CODE, NULL); @@ -641,7 +641,7 @@ CH_handler_token (struct CH_HandlerContext *hc, GNUNET_free (encoded_hash); return CH_reply_with_oauth_error ( hc->connection, - MHD_HTTP_UNAUTHORIZED, + MHD_HTTP_BAD_REQUEST, "invalid_grant", TALER_EC_CHALLENGER_CLIENT_FORBIDDEN_BAD_CODE, "code_verifier does not match code_challenge (SHA256)"); @@ -650,24 +650,22 @@ CH_handler_token (struct CH_HandlerContext *hc, } break; case CHALLENGER_CM_PLAIN: + if (0 != ct_strcmp (bc->code_verifier, + code_challenge)) { - if (0 != ct_strcmp (bc->code_verifier, - code_challenge)) - { - GNUNET_break_op (0); - json_decref (address); - GNUNET_free (client_scope); - GNUNET_free (client_secret); - GNUNET_free (client_redirect_uri); - GNUNET_free (client_state); - GNUNET_free (code_challenge); - return CH_reply_with_oauth_error ( - hc->connection, - MHD_HTTP_UNAUTHORIZED, - "invalid_grant", - TALER_EC_CHALLENGER_CLIENT_FORBIDDEN_BAD_CODE, - "code_verifier does not match code_challenge (PLAIN)"); - } + GNUNET_break_op (0); + json_decref (address); + GNUNET_free (client_scope); + GNUNET_free (client_secret); + GNUNET_free (client_redirect_uri); + GNUNET_free (client_state); + GNUNET_free (code_challenge); + return CH_reply_with_oauth_error ( + hc->connection, + MHD_HTTP_BAD_REQUEST, + "invalid_grant", + TALER_EC_CHALLENGER_CLIENT_FORBIDDEN_BAD_CODE, + "code_verifier does not match code_challenge (PLAIN)"); } break; case CHALLENGER_CM_UNKNOWN: @@ -721,7 +719,7 @@ CH_handler_token (struct CH_HandlerContext *hc, GNUNET_free (code); return CH_reply_with_oauth_error ( hc->connection, - MHD_HTTP_UNAUTHORIZED, + MHD_HTTP_BAD_REQUEST, "invalid_grant", TALER_EC_CHALLENGER_CLIENT_FORBIDDEN_BAD_CODE, "code");