2.1.3. Authorization Error Response: First paragraph in need of rewording
The first paragraph summarises what the OP should do in case of an authorisation error and then refers to OAuth 2.0 for further info.
Not all errors, however, should or can be reported back to the client, as the summary suggests.
Perhaps we could just refer directly to the appropriate OAuth 2.0 sections and avoid further explanations.
E.g.:
If the End-User denies the access request or if the request fails, the OP (Authorization Server) produces an error response according to sections 4.1.2.1 and 4.2.2.1 of OAuth 2.0 [RFC6749].
Comments (3)
reporter Hi Mike,
I just wanted to point out that the wording of the paragraph doesn't precisely reflect the OP action on an authorisation error. It seems to imply that all errors are reported back to the client whereas that isn't always the case, e.g. on invalid redirect URI.
So yes, it's just an editorial change.
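The distinction raised in this issue, sketched as an added example that is not part of the original thread or of the specification text: per sections 4.1.2.1 and 4.2.2.1 of RFC 6749, an invalid client identifier or redirect URI is shown to the End-User and never redirected, while other errors go back to the client's redirect URI. The registry contents, function name and exact-string URI match are assumptions made for illustration.

```python
from urllib.parse import urlencode, urlsplit, urlunsplit

# Constructed client registry (hypothetical values, for illustration only).
REGISTERED = {"client-123": {"https://rp.example/cb"}}


def authorization_error_response(client_id, redirect_uri, error,
                                 state=None, response_type="code"):
    """Decide how the OP reports an authorization error.

    Returns ("display", message) when the error must stay at the OP,
    or ("redirect", url) when it may be returned to the client.
    """
    uris = REGISTERED.get(client_id)
    # RFC 6749 4.1.2.1 / 4.2.2.1: with a missing, invalid or mismatching
    # redirect URI, or an invalid client identifier, the server informs the
    # resource owner and must not redirect. Redirecting here would turn the
    # authorization endpoint into an open redirector.
    # Assumption: redirect URIs are compared by exact string match.
    if uris is None or redirect_uri not in uris:
        return ("display", "invalid client or redirect URI")

    params = {"error": error}
    if state is not None:
        # state is echoed back so the client can correlate the response.
        params["state"] = state
    encoded = urlencode(params)

    parts = urlsplit(redirect_uri)
    if response_type == "code":
        # Authorization code flow: error parameters go in the query component.
        query = f"{parts.query}&{encoded}" if parts.query else encoded
        return ("redirect", urlunsplit(parts._replace(query=query)))
    # Implicit-style flows: error parameters go in the fragment component.
    return ("redirect", urlunsplit(parts._replace(fragment=encoded)))


if __name__ == "__main__":
    print(authorization_error_response(
        "client-123", "https://rp.example/cb", "access_denied", "xyz"))
    print(authorization_error_response(
        "client-123", "https://other.example/cb", "access_denied", "xyz"))
```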
- changed status to resolved
Fixed
#733 - Reworded authorization error response → <<cset ad830ccda66e>>
Vladimir, do you believe that there are errors we're currently incorrectly describing, and if so, what, or are you just requesting editorial changes?