[Openid-specs-ab] Correct authorisation error code when client isn't registered / bad client ID?

Vladimir Dzhuvinov / NimbusDS vladimir at nimbusds.com
Thu Nov 15 09:17:13 UTC 2012


Hi guys,

Which code should be returned when the OP receives an authorisation
request from a client ID that is invalid or hasn't been registered?

I see two choices, according to
http://tools.ietf.org/html/rfc6749#section-4.2.2.1


1. unauthorized_client : The client is not authorized to request an
access token using this method.

2. access_denied : The resource owner or authorization server denied the
request.


Which code is the correct one for this case?


Thanks,

Vladimir

--
Vladimir Dzhuvinov : www.NimbusDS.com : vladimir at nimbusds.com


More information about the Openid-specs-ab mailing list