[Openid-specs-ab] Correct authorisation error code when client isn't registered / bad client ID?

Vladimir Dzhuvinov / NimbusDS vladimir at nimbusds.com
Thu Nov 15 09:17:13 UTC 2012

Hi guys,

Which code should be returned when the OP receives an authorisation
request from a client ID that is invalid or hasn't been registered?

I see two choices, according to

1. unauthorized_client : The client is not authorized to request an
access token using this method.

2. access_denied : The resource owner or authorization server denied the

Which code is the correct one for this case?



Vladimir Dzhuvinov : www.NimbusDS.com : vladimir at nimbusds.com

More information about the Openid-specs-ab mailing list