Revert "return error if introspection request is missing a token"

This reverts commit 8bbddc3.
nuts-foundation · Oct 8, 2024 · 0fe5aae · 0fe5aae
1 parent 8bbddc3
commit 0fe5aae
Show file tree

Hide file tree

Showing 4 changed files with 5 additions and 28 deletions.
diff --git a/auth/api/iam/api.go b/auth/api/iam/api.go
@@ -337,9 +337,6 @@ func (r Wrapper) RetrieveAccessToken(_ context.Context, request RetrieveAccessTo
 // IntrospectAccessToken allows the resource server (XIS/EHR) to introspect details of an access token issued by this node
 func (r Wrapper) IntrospectAccessToken(_ context.Context, request IntrospectAccessTokenRequestObject) (IntrospectAccessTokenResponseObject, error) {
 	input := request.Body.Token
-	if input == "" {
-		return nil, core.InvalidInputError("missing token")
-	}
 	response, err := r.introspectAccessToken(input)
 	if err != nil {
 		return nil, err
@@ -368,9 +365,9 @@ func (r Wrapper) IntrospectAccessTokenExtended(_ context.Context, request Intros
 func (r Wrapper) introspectAccessToken(input string) (*ExtendedTokenIntrospectionResponse, error) {
 	// Validate token
 	if input == "" {
-		// `token` is REQUIRED per RFC7662
-		// The input is also empty when using the wrong Content-Type
-		return nil, core.InvalidInputError("missing token")
+		// Return 200 + 'Active = false' when token is invalid or malformed
+		log.Logger().Debug("IntrospectAccessToken: missing token")
+		return nil, nil
 	}
 
 	token := AccessToken{}

diff --git a/auth/api/iam/api_test.go b/auth/api/iam/api_test.go
@@ -629,8 +629,8 @@ func TestWrapper_IntrospectAccessToken(t *testing.T) {
 	// validate all fields are there after introspection
 	t.Run("error - no token provided", func(t *testing.T) {
 		res, err := ctx.client.IntrospectAccessToken(context.Background(), IntrospectAccessTokenRequestObject{Body: &TokenIntrospectionRequest{Token: ""}})
-		assert.ErrorIs(t, err, core.InvalidInputError("missing token"))
-		assert.Nil(t, res)
+		require.NoError(t, err)
+		assert.Equal(t, res, IntrospectAccessToken200JSONResponse{})
 	})
 	t.Run("error - other store error", func(t *testing.T) {
 		// token is invalid JSON

diff --git a/auth/api/iam/generated.go b/auth/api/iam/generated.go
diff --git a/docs/_static/auth/v2.yaml b/docs/_static/auth/v2.yaml
@@ -209,8 +209,6 @@ paths:
             application/json:
               schema:
                 $ref: "#/components/schemas/TokenIntrospectionResponse"
-        '400':
-          description: No token received. Possibly due to wrong Content-Type.
         '401':
           description: |
             This is returned when an OAuth2 Client is unauthorized to talk to the introspection endpoint.
@@ -239,8 +237,6 @@ paths:
             application/json:
               schema:
                 $ref: "#/components/schemas/ExtendedTokenIntrospectionResponse"
-        '400':
-          description: No token received. Possibly due to wrong Content-Type.
         '401':
           description: |
             This is returned when an OAuth2 Client is unauthorized to talk to the introspection endpoint.