I have implemented OAuth2 client_credentials grant type functionality. But when I pass different grant type (let’s say password or any invalid value) the policy is not failing. This is happening when we disable GrantTypeResponse (). The policy should have failed and reached to fault flow like when we pass invalid basic auth. Is this bug or expected behavior.
The proxy code is attached.
Hi @Sujnana Rai, I have checked it using a sample OAuth proxy & I can reproduce the issue. I am not sure if it’s a bug or expected behaviour.
If you want to enter fault flow, as a workaround use a Raise Fault before OAuth & add a Condition to raise a fault if grant_type not equals to client_credentails.
Yes, we already implemented this. I just wanted to check whether this is a bug or expected behavior. Thanks.
