Expired refresh_token should return invalid_grant error #112

Closed
xmedeko opened this Issue Mar 11, 2019 · 0 comments

xmedeko commented Mar 11, 2019

When a refresh token has expired, authlib replies with a 400 invalid_request error: Invalid "refresh_token" in request. However, 400 invalid_grant should be returned, see https://tools.ietf.org/html/rfc6749#section-5.2:

The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, ...

@xmedeko xmedeko changed the title Expired refresh_token should return 401 invalid_grant error Expired refresh_token should return invalid_grant error Mar 11, 2019

@lepture lepture added the bug label Mar 18, 2019

@lepture lepture closed this in 7e4ad97 Mar 18, 2019
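
The distinction this issue draws, shown as an added example (not Authlib's code and not the change in 7e4ad97): a refresh-token check that returns `invalid_request` only for a malformed request and `invalid_grant` for a token that is unknown, revoked or expired. The token store, `oauth_error` and `handle_refresh` are hypothetical names, and the sample tokens are constructed.

```python
import secrets
import time

# Constructed in-memory token store (hypothetical); a real server queries its database.
TOKENS = {
    "rt-valid": {"client_id": "app1", "expires_at": 2000, "revoked": False},
    "rt-expired": {"client_id": "app1", "expires_at": 500, "revoked": False},
    "rt-revoked": {"client_id": "app1", "expires_at": 2000, "revoked": True},
}


def oauth_error(code, description):
    """RFC 6749 section 5.2 error response: HTTP 400 with a JSON body."""
    return 400, {"error": code, "error_description": description}


def handle_refresh(params, client_id, now=None, store=TOKENS):
    """Validate a grant_type=refresh_token request; return (status, body)."""
    now = time.time() if now is None else now
    value = params.get("refresh_token")
    # Malformed request: the required parameter is absent or empty.
    if not isinstance(value, str) or not value:
        return oauth_error("invalid_request", 'Missing "refresh_token" in request.')
    record = store.get(value)
    # Well-formed request, but the grant cannot be honoured. Unknown tokens and
    # tokens issued to another client share one message so the response does
    # not reveal whether a token exists for a different client.
    if record is None or record["client_id"] != client_id:
        return oauth_error("invalid_grant", "Refresh token is invalid.")
    if record["revoked"]:
        return oauth_error("invalid_grant", "Refresh token is revoked.")
    if record["expires_at"] <= now:
        return oauth_error("invalid_grant", "Refresh token is expired.")
    # Success: issue a fresh access token (rotation of the refresh token omitted).
    return 200, {
        "token_type": "Bearer",
        "access_token": secrets.token_urlsafe(32),
        "expires_in": 3600,
    }
```
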
