If the client credentials are bad the server returns: invalid-client-credentials
If the end-user's credentials are bad, the server returns: invalid-grant

Not sure what's the issue.

EHL


On 7/4/10 7:33 PM, "Andrew Arnott" <andrewarn...@gmail.com> wrote:

Well, to the client app there's an important distinction I think.  If the 
client id and secret are invalid, that signifies either an internal error or a 
total revocation of support for the client.  But the username/password being 
bad means the client should ask the user to re-enter their credentials.  
Otherwise it leads to user frustration that the client keeps putting up a 
reprompt for creds when it will never end up working.

So from a client perspective it seems like an important distinction, no?
--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death your 
right to say it." - S. G. Tallentyre


On Sat, Jul 3, 2010 at 9:50 PM, Eran Hammer-Lahav <e...@hueniverse.com> wrote:
There is no difference. The client credentials are either valid or not.


EHL


On 7/3/10 5:28 PM, "Andrew Arnott" <andrewarn...@gmail.com> wrote:

I see an invalid-client-credentials error code, but for the basic-credentials 
grant type, it seems there should be a specific error code to indicate the 
resource owner's basic creds are invalid, as opposed to the client's 
credentials being invalid.

--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death your 
right to say it." - S. G. Tallentyre
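
The client-side distinction discussed in this thread, as an added example that is not part of any message above: `invalid-grant` leads to a bounded reprompt, while `invalid-client-credentials` stops immediately because asking the user again cannot succeed. The JSON response body with an `error` member, the callback names and the retry limit are assumptions made for illustration.

```python
import json

# Error codes quoted in the thread.
CLIENT_BAD = "invalid-client-credentials"   # client id/secret rejected
USER_BAD = "invalid-grant"                  # end-user's credentials rejected


class TokenRequestFailed(Exception):
    """Raised when reprompting the user cannot fix the failure."""


def classify(body):
    """Map a token endpoint response body to 'ok', 'reprompt' or 'fatal'.

    Assumes a JSON object carrying either 'access_token' or 'error'.
    """
    try:
        doc = json.loads(body)
    except ValueError:
        return "fatal"
    if not isinstance(doc, dict):
        return "fatal"
    err = doc.get("error")
    if err is None and "access_token" in doc:
        return "ok"
    if err == USER_BAD:
        return "reprompt"
    # CLIENT_BAD and any unrecognised code: never loop on the user.
    return "fatal"


def login(request_token, prompt_user, max_attempts=3):
    """Hypothetical callbacks: prompt_user() -> (user, password),
    request_token(user, password) -> response body string.
    Returns the access token, or None once max_attempts are used up."""
    for _ in range(max_attempts):
        user, password = prompt_user()
        body = request_token(user, password)
        outcome = classify(body)
        if outcome == "ok":
            return json.loads(body)["access_token"]
        if outcome == "fatal":
            raise TokenRequestFailed(body)
        # outcome == "reprompt": ask the user again on the next pass
    return None
```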



_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
