302 response from server invalid on Native?

[penguinone]

Hi-

I'm working with the Native flow (profile?) on OAuth2. I have 1.0.0.M3.

When I call the /oauth/authorize with invalid client details, I get the proper error values specified by the spec (http://tools.ietf.org/html/draft-iet...ection-3.2.1):

Response:
{
"error": "invalid_client",
"error_description": "Client not found for: idonotexist"
}

However, when I pass invalid user credentials, I'm getting a 302 redirect with response parameters and its directing me to my login jsp page.

I'm assuming I have something configured wrong, but how do I get it configured so that i get:

Response:
{
"error": "access_denied",
"error_description": "Invalid username or password"
}

Since this is a native flow I do not want to have the end user look for a log in page in the response.

Thanks very much in advance.

Cory

[stoicflame]

I'm suspecting that the 302 is getting applied by some kind of non-oauth spring security filter. Can you provide a test case to the sparklr2 application that exposes the problem? Take a look at org.springframework.security.oauth2.provider.TestN ativeApplicationProfile...