Merge pull request #87 from lifeway/align-status-codes-rfc

Error Status code RFC alignment

Author: tsuyoshizawa

scala-oauth2-core/src/main/scala/scalaoauth2/provider/GrantHandler.scala

@@ -8,7 +8,8 @@ case class GrantHandlerResult[U](
   accessToken: String,
   expiresIn: Option[Long],
   refreshToken: Option[String],
-  scope: Option[String])
+  scope: Option[String]
+)
 
 trait GrantHandler {
   /**

scala-oauth2-core/src/main/scala/scalaoauth2/provider/OAuthException.scala

@@ -20,13 +20,13 @@ class InvalidClient(description: String = "") extends OAuthError(401, descriptio
 
 }
 
-class UnauthorizedClient(description: String = "") extends OAuthError(401, description) {
+class UnauthorizedClient(description: String = "") extends OAuthError(description) {
 
   override val errorType = "unauthorized_client"
 
 }
 
-class RedirectUriMismatch(description: String = "") extends OAuthError(401, description) {
+class RedirectUriMismatch(description: String = "") extends OAuthError(description) {
 
   override val errorType = "redirect_uri_mismatch"
 
@@ -44,7 +44,7 @@ class UnsupportedResponseType(description: String = "") extends OAuthError(descr
 
 }
 
-class InvalidGrant(description: String = "") extends OAuthError(401, description) {
+class InvalidGrant(description: String = "") extends OAuthError(description) {
 
   override val errorType = "invalid_grant"
 
@@ -56,7 +56,7 @@ class UnsupportedGrantType(description: String = "") extends OAuthError(descript
 
 }
 
-class InvalidScope(description: String = "") extends OAuthError(401, description) {
+class InvalidScope(description: String = "") extends OAuthError(description) {
 
   override val errorType = "invalid_scope"
 
@@ -74,7 +74,7 @@ class ExpiredToken() extends OAuthError(401, "The access token expired") {
 
 }
 
-class InsufficientScope(description: String = "") extends OAuthError(401, description) {
+class InsufficientScope(description: String = "") extends OAuthError(403, description) {
 
   override val errorType = "insufficient_scope"
 

scala-oauth2-core/src/test/scala/scalaoauth2/provider/OAuthErrorsSpec.scala

@@ -0,0 +1,51 @@
+package scalaoauth2.provider
+
+import org.scalatest.Matchers._
+import org.scalatest._
+
+class OAuthErrorsSpec extends FlatSpec {
+
+  behavior of "OAuth Error Handling RFC 6749 Section 5.2"
+
+  it should "produce a 400 status code for invalid_request" in {
+    new InvalidRequest().statusCode should be(400)
+  }
+
+  it should "produce a 401 status code for invalid_client" in {
+    new InvalidClient().statusCode should be(401)
+  }
+
+  it should "produce a 400 status code for invalid_grant" in {
+    new InvalidGrant().statusCode should be(400)
+  }
+
+  it should "produce a 400 status code for unauthorized_client" in {
+    new UnauthorizedClient().statusCode should be(400)
+  }
+
+  it should "produce a 400 status code for unsupported_grant_type" in {
+    new UnsupportedGrantType().statusCode should be(400)
+  }
+
+  it should "produce a 400 status code for invalid_scope" in {
+    new InvalidScope().statusCode should be(400)
+  }
+
+  it should "produce a 400 status code for redirect_uri_mismatch" in {
+    new RedirectUriMismatch().statusCode should be(400)
+  }
+
+  behavior of "OAuth Error Handling for Bearer Tokens RFC 6750 Section 3.1"
+
+  it should "produce a 400 status code for invalid_request" in {
+    new InvalidRequest().statusCode should be(400)
+  }
+
+  it should "produce a 401 status code for invalid_token" in {
+    new InvalidToken().statusCode should be(401)
+  }
+
+  it should "produce a 403 status code for insufficient_scope" in {
+    new InsufficientScope().statusCode should be(403)
+  }
+}