1. OpenID Foundation Avatar OpenID Foundation
  2. WGs
  3. fapi
  4. Issues

Grant Management uses invalid_grant as authorization response error

Issue #373 resolved
Filip Skokan created an issue 
### Error Response

In case the `grant_id` is unknown or invalid, the authorization server will respond with an error code `invalid_grant` (as defined in [@!RFC6749]).

The invalid_grant error as defined in 6749 is a “token endpoint” error.

The authorization server responds with an HTTP 400 (Bad Request) status code

This specification should therefore register the error_code for use at the different endpoints (authorization[, device_authorization, ciba]) it is possible to return the code from in IANA.

Comments (6)

  1. Dima Postnikov

    Thanks @Filip Skokan

    Given the meaning of grant is different for a token endpoint, we could define and register “invalid_grant_id“ error. What do you think?

  3. Brian Campbell

    I came here to say something about “invalid_grant” having a different meaning and suggest that a different error code be used. But that’s already been mentioned by @Dima Postnikov . So +1 to “invalid_grant_id“.

  7. Log in to comment
Assignee
Type
bug
Priority
minor
Status
resolved
Component
Grant Management
Milestone
Votes
0
Watchers
1
Jira: the preferred issue tracker for Bitbucket. Join the team!