Fix OIDC message when calling technical endpoints with cookies (#2475)

reject-browser-part-of-url
Maxime Besson 4 years ago
parent 09d727410c
commit 5a8c20584b
  1. 5
      lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm

@ -2028,8 +2028,9 @@ sub checkSession {
sub badAuthRequest {
my ( $self, $req ) = @_;
return $self->p->sendError( $req,
$req->uri . ' may not be called by an authenticated user', 400 );
my $desc =
"This endpoint is not supposed to be called by authenticated users";
return $self->sendOIDCError( $req, 'invalid_request', 400, $desc );
}
# Nothing to do here

Loading…
Cancel
Save