You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As you can see in this section of RFC, the only exception is the "invalid_client" error, when the HTTP 401 (Unauthorized) status code may be supplied.
But, looking at the TokenError, we see these status codes, which go against the RFC:
function TokenError(message, code, uri, status) {
if (!status) {
switch (code) {
case 'invalid_request': status = 400; break;
case 'invalid_client': status = 401; break;
case 'invalid_grant': status = 403; break;
case 'unauthorized_client': status = 403; break;
case 'unsupported_grant_type': status = 501; break;
case 'invalid_scope': status = 400; break;
}
}
...
}
The text was updated successfully, but these errors were encountered:
According to RFC 6749 (The OAuth 2.0 Authorization Framework):
From https://tools.ietf.org/html/rfc6749#section-5.2
As you can see in this section of RFC, the only exception is the "invalid_client" error, when the HTTP 401 (Unauthorized) status code may be supplied.
But, looking at the TokenError, we see these status codes, which go against the RFC:
The text was updated successfully, but these errors were encountered: