Grant Management uses invalid_grant as authorization response error
Issue #373
resolved
### Error Response
In case the `grant_id` is unknown or invalid, the authorization server will respond with an error code `invalid_grant` (as defined in [@!RFC6749]).
The invalid_grant error as defined in 6749 is a “token endpoint” error.
The authorization server responds with an HTTP 400 (Bad Request) status code.
This specification should therefore register the error_code for use at the different endpoints (authorization[, device_authorization, ciba]) it is possible to return the code from in IANA.
Comments (6)
reporter Sounds good.
I came here to say something about “invalid_grant” having a different meaning and suggest that a different error code be used. But that’s already been mentioned by @Dima Postnikov. So +1 to “invalid_grant_id”.
PR merged
- changed status to resolved
renamed as invalid_grant_id
Thanks @Filip Skokan
Given the meaning of grant is different for a token endpoint, we could define and register “invalid_grant_id” error. What do you think?