From 86e92aaf1a3b2996aeeb10113d8f33677c2298fc Mon Sep 17 00:00:00 2001
From: Romain Caire <supercairos@users.noreply.github.com>
Date: Sun, 31 Mar 2024 16:47:38 +0200
Subject: [PATCH] fix: wrong error code returned in case of inactive token
 (#3441)

Signed-off-by: Romain Caire <super.cairos@gmail.com>
---
 server/introspectionhandler.go      | 2 +-
 server/introspectionhandler_test.go | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/server/introspectionhandler.go b/server/introspectionhandler.go
index a33f20bd..f0d1f807 100644
--- a/server/introspectionhandler.go
+++ b/server/introspectionhandler.go
@@ -340,7 +340,7 @@ func introspectInactiveErr(w http.ResponseWriter) {
 	w.Header().Set("Cache-Control", "no-store")
 	w.Header().Set("Pragma", "no-cache")
 	w.Header().Set("Content-Type", "application/json")
-	w.WriteHeader(401)
+	w.WriteHeader(200)
 	json.NewEncoder(w).Encode(struct {
 		Active bool `json:"active"`
 	}{Active: false})
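Review bot: The new `w.WriteHeader(200)` carries no explanation of why an inactive token is now a success response, and the function is still named `introspectInactiveErr`, so the next reader may well "fix" it back to 401; add a why-comment above it such as `// RFC 7662 §2.2: an unknown, expired or revoked token is a successful introspection (HTTP 200, active=false); 401 is reserved for failed client authentication of the caller.` and use `http.StatusOK` to match the `http.Status*` constants the test file already uses. The return value of `json.NewEncoder(w).Encode(...)` is still discarded on the last line; the status is already committed by then, but the error should at least be logged rather than silently dropped. Since this path now answers 200/active=false for arbitrary unknown tokens, it is worth confirming that the handler only reaches it after the introspecting client has authenticated (RFC 7662 §2.1), otherwise the active/inactive distinction becomes a token-validity oracle for unauthenticated callers — that check is not visible in this hunk. The enclosing `introspectInactiveErr` starts and ends outside the hunk.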
diff --git a/server/introspectionhandler_test.go b/server/introspectionhandler_test.go
index 07504c4e..2b17c2e9 100644
--- a/server/introspectionhandler_test.go
+++ b/server/introspectionhandler_test.go
@@ -300,7 +300,7 @@ func TestHandleIntrospect(t *testing.T) {
 			testName:           "Access Token: wrong",
 			token:              "fake-token",
 			response:           inactiveResponse,
-			responseStatusCode: 401,
+			responseStatusCode: 200,
 		},
 		// Refresh token tests
 		{
@@ -313,13 +313,13 @@ func TestHandleIntrospect(t *testing.T) {
 			testName:           "Refresh Token: expired",
 			token:              expiredRefreshToken,
 			response:           inactiveResponse,
-			responseStatusCode: 401,
+			responseStatusCode: 200,
 		},
 		{
 			testName:           "Refresh Token: active => false (wrong)",
 			token:              "fake-token",
 			response:           inactiveResponse,
-			responseStatusCode: 401,
+			responseStatusCode: 200,
 		},
 	}
 
@@ -380,7 +380,7 @@ func TestIntrospectErrHelper(t *testing.T) {
 		{
 			testName:      "Inactive Token",
 			err:           newIntrospectInactiveTokenError(),
-			resStatusCode: http.StatusUnauthorized,
+			resStatusCode: http.StatusOK,
 			resBody:       "{\"active\":false}\n",
 		},
 		{
-- 
GitLab