Have the parse_request method of the introspection endpoint return an

error message if the token parameter is missing.
Actually it returns an error message if anything in the
introspection request is not correct.

Author: rohe

src/oidcendpoint/oauth2/introspection.py

@@ -40,6 +40,8 @@ def process_request(self, request=None, **kwargs):
         :return:
         """
         _introspect_request = self.request_cls(**request)
+        if "error" in _introspect_request:
+            return _introspect_request
 
         _jwt = JWT(key_jar=self.endpoint_context.keyjar)
 

tests/test_31_introspection.py

@@ -226,3 +226,15 @@ def test_do_response(self):
             "jti",
         }
         assert _payload["active"] == True
+
+    def test_do_response_no_token(self):
+        _context = self.introspection_endpoint.endpoint_context
+        _ = setup_session(_context, AUTH_REQ, uid="diana")
+        _req = self.introspection_endpoint.parse_request(
+            {
+                "client_id": "client_1",
+                "client_secret": _context.cdb["client_1"]["client_secret"],
+            }
+        )
+        _resp = self.introspection_endpoint.process_request(_req)
+        assert "error" in _resp