Oct 10th, 2012, 09:52 AM
token expiration: 'covered' by another exception
In my resource server, When DefaultTokenService.loadAuthentication() check the access-token and notices that is has been expired, it throws InvalidTokenException with message "Access token expired".
But then, when it is caught by the OAuthRestTemplate, it throws a brand-new OAuth2AccessDeniedException with a message "Invalid token for client...". No trace for the token-expiration ... the user will have no knowledge why the token has no access.
Is it a bug?