In the event of an OAuth Error we shouldn't return a 400 always #171
Labels
Comments
|
We try to follow the OAuth spec. What does it say for this situation? |
The OAuth spec does not seem to cover HTTP responses. So 403 should fit better. |
|
This issue has been automatically marked as stale because it has not had activity in 1 year. It will be closed in 7 days if no further activity occurs. Thanks! |
|
This issue was closed because it had no activity for over 1 year. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When we fail to login (e.g. no such user) we return a 400. The code will return an OAuth error appropriately, and then we map that to a 400. It should be a 403 in this case. I'm not sure that all of them are that way, but at least this instance.
gotrue/api/errors.go
Line 172 in 6dae5c5
The text was updated successfully, but these errors were encountered: