From e159b2eed28c9e409f79c788d245b2c3ddad0567 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?K=C3=A9vin=20Chalet?=
Date: Sat, 27 Oct 2018 16:45:24 +0200
Subject: [PATCH] Log a message when rejecting response_type=token requests made by confidential clients
---
 .../Internal/OpenIddictServerProvider.Authentication.cs | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Authentication.cs b/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Authentication.cs
index 9c47b602..8781bc4d 100644
--- a/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Authentication.cs
+++ b/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Authentication.cs
@@ -308,6 +308,9 @@ namespace OpenIddict.Server.Internal
 if (await _applicationManager.IsConfidentialAsync(application) &&
 context.Request.HasResponseType(OpenIddictConstants.ResponseTypes.Token))
 {
+ _logger.LogError("The authorization request was rejected because the confidential application '{ClientId}' " +
+ "was not allowed to retrieve an access token from the authorization endpoint.", context.ClientId);
+
 context.Reject(
 error: OpenIddictConstants.Errors.UnauthorizedClient,
 description: "The specified 'response_type' parameter is not valid for this client application.");
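Review bot: The added `_logger.LogError(...)` call records at Error level a rejection that the requesting party can provoke at will, since an authorization request is not client-authenticated and this branch depends only on the `client_id` and `response_type` values it carries. If Error entries feed alerting, repeated requests of this kind would bury genuine server faults, so consider `_logger.LogWarning(...)` with the same template and arguments, unless the other rejections in this method (outside the hunk) all log at Error and consistency is preferred. The constant message template with the `{ClientId}` placeholder is the right shape, because it keeps the request-supplied value out of the format string. The enclosing method begins and ends outside the hunk.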