Polish Error Messages for OpaqueTokenIntrospectors

Author: jzheaux

config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java

@@ -1127,7 +1127,7 @@ public void getWhenIntrospectionFailsThenUnauthorized() throws Exception {
 				.with(bearerToken("token")))
 				.andExpect(status().isUnauthorized())
 				.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE,
-						containsString("Provided token [token] isn't active")));
+						containsString("Provided token isn't active")));
 	}
 
 	@Test

oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospector.java

@@ -133,7 +133,7 @@ private MultiValueMap<String, String> requestBody(String token) {
 	public OAuth2AuthenticatedPrincipal introspect(String token) {
 		RequestEntity<?> requestEntity = this.requestEntityConverter.convert(token);
 		if (requestEntity == null) {
-			throw new OAuth2IntrospectionException("Provided token [" + token + "] isn't active");
+			throw new OAuth2IntrospectionException("requestEntityConverter returned a null entity");
 		}
 
 		ResponseEntity<String> responseEntity = makeRequest(requestEntity);
@@ -143,7 +143,7 @@ public OAuth2AuthenticatedPrincipal introspect(String token) {
 
 		// relying solely on the authorization server to validate this token (not checking 'exp', for example)
 		if (!introspectionSuccessResponse.isActive()) {
-			throw new OAuth2IntrospectionException("Provided token [" + token + "] isn't active");
+			throw new OAuth2IntrospectionException("Provided token isn't active");
 		}
 
 		return convertClaimsSet(introspectionSuccessResponse);

oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospector.java

@@ -154,7 +154,7 @@ private TokenIntrospectionSuccessResponse castToNimbusSuccess(TokenIntrospection
 	private void validate(String token, TokenIntrospectionSuccessResponse response) {
 		// relying solely on the authorization server to validate this token (not checking 'exp', for example)
 		if (!response.isActive()) {
-			throw new OAuth2IntrospectionException("Provided token [" + token + "] isn't active");
+			throw new OAuth2IntrospectionException("Provided token isn't active");
 		}
 	}
 

oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusOpaqueTokenIntrospectorTests.java

@@ -168,7 +168,7 @@ public void introspectWhenInactiveTokenThenInvalidToken() {
 		assertThatCode(() -> introspectionClient.introspect("token"))
 				.isInstanceOf(OAuth2IntrospectionException.class)
 				.extracting("message")
-				.containsExactly("Provided token [token] isn't active");
+				.containsExactly("Provided token isn't active");
 	}
 
 	@Test

oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/introspection/NimbusReactiveOpaqueTokenIntrospectorTests.java

@@ -142,7 +142,7 @@ public void authenticateWhenInactiveTokenThenInvalidToken() {
 		assertThatCode(() -> introspectionClient.introspect("token").block())
 				.isInstanceOf(OAuth2IntrospectionException.class)
 				.extracting("message")
-				.containsExactly("Provided token [token] isn't active");
+				.containsExactly("Provided token isn't active");
 	}
 
 	@Test