[Openid-specs-ab] RP Testing: "incorrect_behavior" during token exchange
wdenniss at google.com
Sun Mar 26 20:16:16 UTC 2017
Brian pointed me in the right direction. Client was registering
with client_secret_post, but then sending basic.
I think the test OP should return HTTP 400 for this error, and use the
standard "invalid_client" OAuth error.
On Sun, Mar 26, 2017 at 3:03 PM, William Denniss <wdenniss at google.com>
> While running the *rp-response_type-code* test in AppAuth, I'm seeing the
> following error while exchanging the authorization code:
> HTTP 200
> error = "incorrect_behavior";
> "error_description" = "Failed to verify client";
> What does this error mean? It doesn't appear to be a standard error.
> Also, the testing server should return HTTP 400 for errors per the spec
> <https://tools.ietf.org/html/rfc6749#section-5.2>, not HTTP 200 for
> Where is the source code of the tests? Can that location be linked in
> http://openid.net/certification/rp_testing/ ?
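
Added example, not part of the original thread and not the test OP's code: a token-endpoint client check that rejects a client registered for client_secret_post but authenticating with HTTP Basic, answering with the standard "invalid_client" error and never HTTP 200. It uses HTTP 400 by default and, following RFC 6749 section 5.2, HTTP 401 with WWW-Authenticate when the credentials arrived in the Authorization header. The names `CLIENTS`, `authenticate_client` and `_error`, and the sample client, are constructed for illustration.

```python
import base64
import hmac
import json
from urllib.parse import unquote_plus

# Constructed registration store: client_id -> registered metadata (sample values).
CLIENTS = {"rp-1": {"secret": "s3cret", "token_endpoint_auth_method": "client_secret_post"}}

def _error(used_header, description):
    # RFC 6749 section 5.2: errors are never HTTP 200; invalid_client is 400,
    # or 401 plus WWW-Authenticate when the Authorization header was used.
    headers = {"Content-Type": "application/json", "Cache-Control": "no-store"}
    if used_header:
        headers["WWW-Authenticate"] = 'Basic realm="token"'
    body = {"error": "invalid_client", "error_description": description}
    return (401 if used_header else 400), headers, json.dumps(body)

def authenticate_client(authorization, form):
    """Return (200, {}, client_id) on success, else a (status, headers, body) error."""
    used_header = bool(authorization)
    if used_header and "client_secret" in form:
        return _error(True, "multiple client authentication methods used")
    if used_header:
        scheme, _, token = authorization.partition(" ")
        try:
            decoded = base64.b64decode(token, validate=True).decode("utf-8")
        except ValueError:  # covers binascii.Error and UnicodeDecodeError
            return _error(True, "malformed Authorization header")
        client_id, sep, secret = decoded.partition(":")
        if scheme.lower() != "basic" or not sep:
            return _error(True, "malformed Authorization header")
        # RFC 6749 section 2.3.1: both values are form-urlencoded before Base64.
        client_id, secret = unquote_plus(client_id), unquote_plus(secret)
        method = "client_secret_basic"
    else:
        client_id, secret = form.get("client_id", ""), form.get("client_secret", "")
        method = "client_secret_post"
    client = CLIENTS.get(client_id)
    if client is None:
        return _error(used_header, "unknown client")
    # The failure from the thread: registered one method, used another.
    if client["token_endpoint_auth_method"] != method:
        return _error(used_header, "authentication method does not match registration")
    if not hmac.compare_digest(client["secret"].encode(), secret.encode()):
        return _error(used_header, "bad client credentials")
    return 200, {}, client_id
```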