diff --git a/pom.xml b/pom.xml
index 4dad707d..f53ab5ec 100644
--- a/pom.xml
+++ b/pom.xml
@@ -22,7 +22,7 @@
io.gravitee.policy
gravitee-policy-oauth2
- 3.0.3
+ 3.0.4-apim-3382-SNAPSHOT
Gravitee.io APIM - Policy - OAuth2
Check access token validity during request processing using token introspection
@@ -39,9 +39,9 @@
1.11.0
4.0.0
2.1.1
- 4.0.0-SNAPSHOT
+ 4.0.0
1.1.0
- 1.3.0
+ 1.4.0
1.4.0
9.15.2
31.1-jre
diff --git a/src/main/java/io/gravitee/policy/oauth2/Oauth2Policy.java b/src/main/java/io/gravitee/policy/oauth2/Oauth2Policy.java
index 6b15bd9f..f6609ca8 100644
--- a/src/main/java/io/gravitee/policy/oauth2/Oauth2Policy.java
+++ b/src/main/java/io/gravitee/policy/oauth2/Oauth2Policy.java
@@ -100,6 +100,9 @@ public Maybe extractSecurityToken(HttpExecutionContext ctx) {
if (introspectionResult.hasClientId()) {
return Maybe.just(SecurityToken.forClientId(introspectionResult.getClientId()));
}
+ if (introspectionResult.getOauth2ResponseThrowable() != null) {
+ return Maybe.error(introspectionResult.getOauth2ResponseThrowable());
+ }
return Maybe.just(SecurityToken.invalid(SecurityToken.TokenType.CLIENT_ID));
});
}
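Review bot: The new throwable check runs only after `hasClientId()` succeeds, so an introspection result that somehow carried both a client id and an `Oauth2ResponseThrowable` would be accepted as a valid token and the failure silently dropped; whether a result can hold both is not visible here, but a fail-closed ordering costs nothing: move the three added lines above the `if (introspectionResult.hasClientId())` guard. It is also worth confirming how the caller maps the propagated `Maybe.error` — a failure of the introspection call itself previously fell through to `SecurityToken.invalid(...)` (an authentication failure), and it now surfaces as an error carrying the resource's exception; the response mapping should use a generic status and message rather than echoing the exception text to the client. The enclosing `extractSecurityToken` begins before the hunk. A one-line comment on the new branch would help, e.g. `// Introspection itself failed (not merely an inactive token): propagate so the caller can distinguish it from an invalid credential.`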
diff --git a/src/test/java/io/gravitee/policy/oauth2/Oauth2PolicyTest.java b/src/test/java/io/gravitee/policy/oauth2/Oauth2PolicyTest.java
index e93cac38..802332a3 100644
--- a/src/test/java/io/gravitee/policy/oauth2/Oauth2PolicyTest.java
+++ b/src/test/java/io/gravitee/policy/oauth2/Oauth2PolicyTest.java
@@ -67,6 +67,7 @@
import io.gravitee.resource.cache.api.Cache;
import io.gravitee.resource.cache.api.CacheResource;
import io.gravitee.resource.oauth2.api.OAuth2Resource;
+import io.gravitee.resource.oauth2.api.OAuth2ResourceException;
import io.gravitee.resource.oauth2.api.OAuth2Response;
import io.reactivex.rxjava3.core.Completable;
import io.reactivex.rxjava3.observers.TestObserver;
@@ -524,6 +525,18 @@ void extractSecurityTokenShouldReturnEmptyWhenTokenIsPresentButIntrospectionFail
obs.assertComplete().assertValueCount(0);
}
+ @Test
+ void extractSecurityTokenShouldReturnInvalidTokenWhenIntrospectionInError() {
+ prepareOauth2Resource();
+ String token = prepareToken();
+ OAuth2ResourceException errorDuringIntrospection = new OAuth2ResourceException("Error during introspection");
+ prepareIntrospection(token, errorDuringIntrospection);
+
+ final TestObserver obs = cut.extractSecurityToken(ctx).test();
+
+ obs.assertError(errorDuringIntrospection);
+ }
+
@Test
void extractSecurityTokenShouldReturnTokenWhenTokenIsPresentAndIntrospectionSucceed() throws IOException {
prepareOauth2Resource();
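Review bot: The new test's name, `extractSecurityTokenShouldReturnInvalidTokenWhenIntrospectionInError`, contradicts what it asserts — `obs.assertError(errorDuringIntrospection)` checks that the stream terminates with the error, not that an invalid token is emitted; rename it to `extractSecurityTokenShouldPropagateErrorWhenIntrospectionFails`. The observer is declared as a raw `TestObserver`; since the method under test presumably returns `Maybe<SecurityToken>`, `final TestObserver<SecurityToken> obs = cut.extractSecurityToken(ctx).test();` keeps the type information. Chaining `.assertNoValues()` after `assertError` would additionally pin that no token is emitted before the error.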
@@ -587,6 +600,20 @@ private void prepareIntrospection(String token, String payload, boolean success)
.introspect(eq(token), any(Handler.class));
}
+ private void prepareIntrospection(String token, Throwable throwable) {
+ final OAuth2Response oAuth2Response = mock(OAuth2Response.class);
+ lenient().when(oAuth2Response.isSuccess()).thenReturn(false);
+ lenient().when(oAuth2Response.getPayload()).thenReturn(throwable.getMessage());
+ lenient().when(oAuth2Response.getThrowable()).thenReturn(throwable);
+
+ doAnswer(i -> {
+ i.>getArgument(1).handle(oAuth2Response);
+ return null;
+ })
+ .when(oAuth2Resource)
+ .introspect(eq(token), any(Handler.class));
+ }
+
private void verifyInterruptWith(int httpStatus, String key, final String message) {
verify(ctx)
.interruptWith(
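Review bot: `i.>getArgument(1)` on the `doAnswer` line is not valid Java as rendered; the type witness (presumably `i.<Handler<OAuth2Response>>getArgument(1)`) was likely stripped by the page's markup handling, so confirm the committed source carries it. The new overload also repeats the `doAnswer(...).when(oAuth2Resource).introspect(eq(token), any(Handler.class))` wiring of the three-argument `prepareIntrospection` just above it; a shared private `stubIntrospection(String token, OAuth2Response response)` would let both overloads build only the response. A short comment stating that this overload simulates a failure of the introspection call itself (`isSuccess()` false with `getThrowable()` set), as opposed to an inactive-token payload, would make the intent clear.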