You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Dec 13, 2022. It is now read-only.
In the OAuth authorization_code flow, when validating the redirect_uri on the authorize endpoint, why do we return an unauthorized_client when the redirect_uri is invalid.
Shouldn't this be an invalid_request according to the spec:
invalid_request
The request is missing a required parameter, includes an
invalid parameter value, includes a parameter more than
once, or is otherwise malformed. https://tools.ietf.org/html/rfc6749#section-4.1.2.1
Parameter is invalid, unauthorized_client says something about the method the client uses to request an authorization_code.
If you agree I can do the work on this.
The text was updated successfully, but these errors were encountered:
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
Questions are community supported only and the authors/maintainers may or may not have time to reply. If you or your company would like commercial support, please see here for more information.
Same as #4075 but on the Authorize endpoint:
In the OAuth authorization_code flow, when validating the redirect_uri on the authorize endpoint, why do we return an
unauthorized_client
when the redirect_uri is invalid.Shouldn't this be an
invalid_request
according to the spec:Parameter is invalid, unauthorized_client says something about the method the client uses to request an authorization_code.
If you agree I can do the work on this.
The text was updated successfully, but these errors were encountered: