Oauth authorization errors not reported in in 401 response
Bug #1522298 reported by
Robert Ancell
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Ratings and Reviews server |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
If OAuth authorization fails, the server always returns 401 'Authorization Required'. This makes it very hard to debug why the authorization has failed (In my case I was missing an OAuth parameter - bug 1522297). It would be nice if the text was changed to indicate why authorization failed (piston seems to have helpful text in the OAuthError exception).
It may be possible this information is not provided for security purposes?
To post a comment you must log in.
Hello Robert!
As you guessed, this information is not provided for security reasons. To debug your signatures, I would suggest using this site:
http:// nouncer. com/oauth/ authentication. html
Where you can customize all the parameters and ensure the signature you built is correct. I hope that helps. Closing as Wont fix.