Describe the bug
On API consumer side, the method TokenRefreshHandlerImpl.createTokenRefreshRequest() adds the "Content-Type" header "application/x-www-form-urlencoded" to the token refresh request, but adds the parameters "grant_type" and "refresh_token" as query parameters of the URL rather than as urlencoded body.
On API provider side, the method TokenRefreshApiController.refreshToken() also adds the parameters as query parameters.
The corresponding documentation correctly adds these parameters as urlencoded body in the HTTP request.
To Reproduce
Adding the "Content-Type" header "application/x-www-form-urlencoded", which describes the format of the HTTP body, and providing a zero-length HTTP body is inconsistent. The implementation also deviates from the documentation. Additionally, this leads to an incompatibility between EDC 0.7.2 and 0.7.3 when refreshing the EDR token, which is why we found this issue.
Expected behavior
Either send/receive the parameters as urlencoded body or remove the "Content-Type" header "application/x-www-form-urlencoded" and adapt the documentation. As tokens tend to be long and different environments may have different restrictions regarding URL length, it's probably the better idea to urlencode the parameters in the body as defined in the documentation.
Screenshots/Error Messages
N/A
Context Information
Used version: EDC 0.7.2 and 0.7.3 (but seems still to be on main, too)
Please be aware that fixing this according to either of the proposals mentioned as expected behavior again breaks the EDR token refresh. So, best is to keep this as a known issue until the first major release of Tractus-X EDC.
Possible Implementation
Use URLEncoder.