From 1f919bc79158d812557bf9161a32643083b031b8 Mon Sep 17 00:00:00 2001
From: Josh Cummings
Date: Tue, 28 Sep 2021 13:24:51 -0600
Subject: [PATCH] Fix OAuth2 Error Code
Closes gh-10319
---
 .../security/oauth2/jwt/JwtTimestampValidator.java | 2 +-
 .../security/oauth2/jwt/JwtTimestampValidatorTests.java | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtTimestampValidator.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtTimestampValidator.java
index 0fb72aca00..d191b8b11a 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtTimestampValidator.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtTimestampValidator.java
@@ -90,7 +90,7 @@ public final class JwtTimestampValidator implements OAuth2TokenValidator {
 private OAuth2Error createOAuth2Error(String reason) {
 this.logger.debug(reason);
- return new OAuth2Error(OAuth2ErrorCodes.INVALID_REQUEST, reason,
+ return new OAuth2Error(OAuth2ErrorCodes.INVALID_TOKEN, reason,
 "https://tools.ietf.org/html/rfc6750#section-3.1");
 }
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTimestampValidatorTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTimestampValidatorTests.java
index 4f1708e85d..8f4c8637f2 100644
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTimestampValidatorTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTimestampValidatorTests.java
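Review bot: `createOAuth2Error` has no comment saying why the code is `INVALID_TOKEN`, even though the URI on the following line cites RFC 6750 section 3.1, which reserves `invalid_token` for expired or otherwise invalid tokens and `invalid_request` for malformed requests. A one-line comment above the return would keep the two from being swapped again, for example `// RFC 6750 section 3.1: a token outside its validity window is invalid_token, not invalid_request`. Any caller that branches on the error code of the validation result will now see a different value, so the change probably deserves a mention in the release notes. The method is fully visible in this hunk.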
@@ -28,6 +28,7 @@ import java.util.stream.Collectors;
 import org.junit.Test;
 import org.springframework.security.oauth2.core.OAuth2Error;
+import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
 import org.springframework.security.oauth2.core.OAuth2TokenValidatorResult;
 import org.springframework.security.oauth2.jose.jws.JwsAlgorithms;
@@ -109,6 +110,7 @@ public class JwtTimestampValidatorTests {
 .collect(Collectors.toList());
 // @formatter:on
 assertThat(result.hasErrors()).isTrue();
+ assertThat(result.getErrors().iterator().next().getErrorCode()).isEqualTo(OAuth2ErrorCodes.INVALID_TOKEN);
 assertThat(messages).contains("Jwt used before " + justOverOneDayFromNow);
 }
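Review bot: The added assertion checks only the first error, via `result.getErrors().iterator().next()`, so a second error with a different code would go unnoticed. Asserting over the whole collection is tighter: `assertThat(result.getErrors()).extracting(OAuth2Error::getErrorCode).containsOnly(OAuth2ErrorCodes.INVALID_TOKEN);`. The diffstat shows only two added lines in this test file, one of them the import, so only this "used before" case gains a code check. If the expiry test does not already assert the code, the same line belongs there too. The test method begins outside the hunk.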