[Openid-specs-ab] Correct authorisation error code when client isn't registered / bad client ID?
Vladimir Dzhuvinov / NimbusDS
vladimir at nimbusds.com
Thu Nov 15 09:17:13 UTC 2012
Hi guys,
Which code should be returned when the OP receives an authorisation
request from a client ID that is invalid or hasn't been registered?
I see two choices, according to
http://tools.ietf.org/html/rfc6749#section-4.2.2.1
1. unauthorized_client : The client is not authorized to request an
access token using this method.
2. access_denied : The resource owner or authorization server denied the
request.
Which code is the correct one for this case?
Thanks,
Vladimir
--
Vladimir Dzhuvinov : www.NimbusDS.com : vladimir at nimbusds.com
More information about the Openid-specs-ab
mailing list