Properly set the status code for errors according to Section 4.2.2.1 …

…of RFC 6749 and Section 3.1 of RFC 6750. Fixes for oauthjs#553.

lib/handlers/authenticate-handler.ts

@@ -91,27 +91,28 @@ export class AuthenticateHandler {
       // @see https://tools.ietf.org/html/rfc6750#section-3.1
       if (e instanceof UnauthorizedRequestError) {
         response.set('WWW-Authenticate', 'Bearer realm="Service"');
+        response.status = 401;
       } else if (e instanceof InvalidRequestError) {
         if (e.message) {
           response.set('WWW-Authenticate', `Bearer realm="Service",error="invalid_request",error_description="${e.message}"`);
-        }
-        else {
+        } else {
           response.set('WWW-Authenticate', `Bearer realm="Service",error="invalid_request"`);
         }
+        response.status = 400;
       } else if (e instanceof InvalidTokenError) {
         if (e.message) {
-          response.set('WWW-Authenticate', `Bearer realm="Service",error="invalid_token",error_description="${e.message}"`)
-        }
-        else {
+          response.set('WWW-Authenticate', `Bearer realm="Service",error="invalid_token",error_description="${e.message}"`);
+        } else {
           response.set('WWW-Authenticate', `Bearer realm="Service",error="invalid_token"`);
         }
+        response.status = 401;
       } else if (e instanceof InsufficientScopeError) {
         if (e.message) {
           response.set('WWW-Authenticate', `Bearer realm="Service",error="insufficient_scope",error_description="${e.message}"`);
-        }
-        else {
+        } else {
           response.set('WWW-Authenticate', `Bearer realm="Service",error="insufficient_scope"`);
         }
+        response.status = 403;
       }
 
       if (!(e instanceof OAuthError)) {

test/integration/handlers/authenticate-handler.spec.ts

@@ -156,6 +156,7 @@ describe('AuthenticateHandler integration', () => {
           response
             .get('WWW-Authenticate')
             .should.equal('Bearer realm="Service"');
+          response.status.should.equal(401);
         });
     });
 
@@ -175,6 +176,7 @@ describe('AuthenticateHandler integration', () => {
         })
         .catch(() => {
           response.get('WWW-Authenticate').should.equal('Bearer realm="Service",error="invalid_request",error_description="Bad Request"');
+          response.status.should.equal(400);
         });
     });
 
@@ -195,6 +197,7 @@ describe('AuthenticateHandler integration', () => {
         })
         .catch(() => {
           response.get('WWW-Authenticate').should.equal(`Bearer realm="Service",error="invalid_request",error_description="${errorDescription}"`);
+          response.status.should.equal(400);
         });
     });
 
@@ -214,6 +217,7 @@ describe('AuthenticateHandler integration', () => {
         })
         .catch(() => {
           response.get('WWW-Authenticate').should.equal('Bearer realm="Service",error="invalid_token",error_description="Unauthorized"');
+          response.status.should.equal(401);
         });
     });
 
@@ -234,6 +238,7 @@ describe('AuthenticateHandler integration', () => {
         })
         .catch(() => {
           response.get('WWW-Authenticate').should.equal(`Bearer realm="Service",error="invalid_token",error_description="${errorDescription}"`);
+          response.status.should.equal(401);
         });
     });
 
@@ -253,6 +258,7 @@ describe('AuthenticateHandler integration', () => {
         })
         .catch(() => {
           response.get('WWW-Authenticate').should.equal('Bearer realm="Service",error="insufficient_scope",error_description="Forbidden"');
+          response.status.should.equal(403);
         });
     });
 
@@ -273,6 +279,7 @@ describe('AuthenticateHandler integration', () => {
         })
         .catch(() => {
           response.get('WWW-Authenticate').should.equal(`Bearer realm="Service",error="insufficient_scope",error_description="${errorDescription}"`);
+          response.status.should.equal(403);
         });
     });