OAauth authorization error status 400/401 #769
Comments
|
Hi @timabilov, The logic seems in adequation of the OAuth2.0 protocol. See https://tools.ietf.org/html/rfc6749#section-5.2 . Note that we have a gap in the implementation of depending if we should return 400 or 401 based on HTTP request Header, see the discussion at oauthlib/oauthlib#264 (comment) Have you tried to read the In case of password error with Resource Owner Password grant, it should be 400/or 401 and |
|
i see that they really giving us a hard time there with plenty of cases wrapped to one error. at least now i can use my status_code for custom Thank you. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
There should be flexible way to return 401 status only for password error.
Right now status 400 is natively written on
OAuth2Errorfor example on password grant type - there is no way to technically say whether it is password error or request body problem.
For example, other services have issues about the proper frontend error message
The text was updated successfully, but these errors were encountered: