insufficient_scope
          The request requires higher privileges than provided by the
          access token.  The resource server SHOULD respond with the HTTP
          403 (Forbidden) status code and MAY include the "scope"
          attribute with the scope necessary to access the protected
          resource.
"insufficient_scope" should be perfectly fine for "RAR-red" tokens.

The error description is the token not having enough privileges, in the general sense.

Do you need to communicate additional error info back from the resource?

Vladimir Dzhuvinov

On 17/01/2025 07:21, Dmitry Telegin wrote:
RAR does not define its equivalent of RFC 6750's "insufficient_scope" error response (could be "insufficient_authorization", for example). Is this intentional? If not, would it make sense to define it in a separate document?

Dmitry

_______________________________________________
OAuth mailing list -- oauth@ietf.org
To unsubscribe send an email to oauth-le...@ietf.org
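
Added example, not part of the thread or of any participant's message: a resource-server check that evaluates a token's RFC 9396 "authorization_details" and answers with the RFC 6750 "insufficient_scope" error quoted at the top. The claim layout, the sample type, actions and URL, and the fail-closed matching policy are assumptions; RAR leaves matching semantics to the API.

```python
# Constructed sample: claims of an introspected or validated RAR token.
SAMPLE_CLAIMS = {
    "sub": "user-123",
    "authorization_details": [
        {
            "type": "payment_initiation",
            "actions": ["initiate", "status"],
            "locations": ["https://example.com/payments"],
        }
    ],
}

# Fixed text only: RFC 6750 forbids '"' and '\' in error_description,
# so no request-derived data is echoed into the header.
CHALLENGE = (
    'Bearer error="insufficient_scope", '
    'error_description="authorization_details do not cover this request"'
)


def is_permitted(claims, required_type, required_action, location=None):
    """True if one authorization_details entry grants the action.

    Assumed policy: an entry with no "actions" list grants nothing,
    and an entry with no "locations" is not location-restricted.
    """
    details = claims.get("authorization_details")
    if not isinstance(details, list):
        return False
    for entry in details:
        if not isinstance(entry, dict) or entry.get("type") != required_type:
            continue
        actions = entry.get("actions")
        # Require a real list: a bare string would allow substring matches.
        if not isinstance(actions, list) or required_action not in actions:
            continue
        locations = entry.get("locations")
        if location is not None and locations is not None and location not in locations:
            continue
        return True
    return False


def authorize(claims, required_type, required_action, location=None):
    """Return (status, headers) for the protected resource."""
    if is_permitted(claims, required_type, required_action, location):
        return 200, {}
    # The optional "scope" attribute is omitted: a RAR grant has no scope string.
    return 403, {"WWW-Authenticate": CHALLENGE}
```
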