I find section 7.3.1. Credential Error Response confusing about the format of these errors.
For Authorization Errors, it is quite clear that error responses should follow 3.1. Error Codes from RFC 6750, which requires the use of the WWW-Authenticate header with error and error_description attributes.
For Credential Request Errors, it is unclear whether RFC 6749 or 6750 errors should be used.
> For errors related to the Credential Request's payload […] the specific error codes from this section MUST be used instead of the generic invalid_request parameter defined in Section 3.1 of [RFC6750]
> HTTP response MUST use the HTTP status code 400 (Bad Request) and set the content type to application/json with the following parameters in the JSON-encoded response body:
This looks much like errors defined in 5.2. Error Response from RFC 6749, but the text only points to RFC 6750.
It is not obvious that RFC 6749 should be used here, as its 5.2 section is about errors by the authorization server, while we are here talking about the Credential endpoint, which rather acts like a resource server. From this point of view, following RFC 6750 looks more appropriate.
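A client of the Credential endpoint may have to accept both response shapes discussed in this issue. The following Python sketch is an added example, not code from the specification or from the issue author: it classifies an error response as either an RFC 6750 Bearer challenge or a 400 JSON body. The sample responses are constructed, `example_credential_error` is a placeholder error code, and a single Bearer challenge per header is assumed.

```python
import json
import re

# auth-param in a challenge: key="quoted string" or key=token
_PARAM = re.compile(r'([A-Za-z_][\w-]*)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,"]+))')

def parse_bearer_challenge(header):
    """Return the auth-params of a single Bearer challenge, or None."""
    scheme, _, rest = header.strip().partition(" ")
    if scheme.lower() != "bearer":
        return None
    params = {}
    for key, quoted, token in _PARAM.findall(rest):
        # undo backslash escapes inside quoted strings; tokens are taken as-is
        params[key.lower()] = token if token else re.sub(r"\\(.)", r"\1", quoted)
    return params

def classify_error(status, headers, body):
    """Return (source, error, error_description) for an error response."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    challenge = parse_bearer_challenge(hdrs.get("www-authenticate", ""))
    if challenge and "error" in challenge:
        # RFC 6750 section 3 shape: error carried in the WWW-Authenticate header
        return ("www-authenticate", challenge["error"],
                challenge.get("error_description"))
    ctype = hdrs.get("content-type", "").split(";")[0].strip().lower()
    if status == 400 and ctype == "application/json":
        # shape quoted from section 7.3.1: 400 with a JSON-encoded body
        try:
            doc = json.loads(body)
        except ValueError:
            return ("unparseable", None, None)
        if isinstance(doc, dict) and isinstance(doc.get("error"), str):
            return ("json-body", doc["error"], doc.get("error_description"))
    return ("unparseable", None, None)

# Constructed sample responses (not taken from the specification).
SAMPLES = [
    (401, {"WWW-Authenticate": 'Bearer error="invalid_token", '
                               'error_description="The access token expired"'}, ""),
    (400, {"Content-Type": "application/json"},
     '{"error": "example_credential_error", "error_description": "constructed"}'),
]

if __name__ == "__main__":
    for status, headers, body in SAMPLES:
        print(status, classify_error(status, headers, body))
```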