diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtTimestampValidator.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtTimestampValidator.java index 0fb72aca00..d191b8b11a 100644 --- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtTimestampValidator.java +++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtTimestampValidator.java @@ -90,7 +90,7 @@ public final class JwtTimestampValidator implements OAuth2TokenValidator { private OAuth2Error createOAuth2Error(String reason) { this.logger.debug(reason); - return new OAuth2Error(OAuth2ErrorCodes.INVALID_REQUEST, reason, + return new OAuth2Error(OAuth2ErrorCodes.INVALID_TOKEN, reason, "https://tools.ietf.org/html/rfc6750#section-3.1"); } diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTimestampValidatorTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTimestampValidatorTests.java index e2817ff507..7f8a093ad3 100644 --- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTimestampValidatorTests.java +++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTimestampValidatorTests.java @@ -28,6 +28,7 @@ import java.util.stream.Collectors; import org.junit.jupiter.api.Test; import org.springframework.security.oauth2.core.OAuth2Error; +import org.springframework.security.oauth2.core.OAuth2ErrorCodes; import org.springframework.security.oauth2.core.OAuth2TokenValidatorResult; import org.springframework.security.oauth2.jose.jws.JwsAlgorithms; @@ -109,6 +110,7 @@ public class JwtTimestampValidatorTests { .collect(Collectors.toList()); // @formatter:on assertThat(result.hasErrors()).isTrue(); + assertThat(result.getErrors().iterator().next().getErrorCode()).isEqualTo(OAuth2ErrorCodes.INVALID_TOKEN); assertThat(messages).contains("Jwt used before " + justOverOneDayFromNow); }