No issue. I didn't consider invalid-grant, but reading it more carefully I
should have. Yes, the distinction I was looking for is there.
Thanks.
--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death
your right to say it." - S. G. Tallentyre
On Sun, Jul 4, 20
If the client credentials are bad the server returns: invalid-client-credentials
If the end-user's credentials are bad, the server returns: invalid-grant
Not sure what's the issue.
EHL
On 7/4/10 7:33 PM, "Andrew Arnott" wrote:
Well, to the client app there's an important distinction I think.
Well, to the client app there's an important distinction I think. If the
client id and secret are invalid, that signifies either an internal error or
a total revocation of support for the client. But the username/password
being bad means the client should ask the user to re-enter their
credential
There is no difference. The client credentials are either valid or not.
EHL
On 7/3/10 5:28 PM, "Andrew Arnott" wrote:
I see an invalid-client-credentials error code, but for the basic-credentials
grant type, it seems there should be a specific error code to indicate the
resource owner's basi
I see an invalid-client-credentials error code, but for the
basic-credentials grant type, it seems there should be a specific error code
to indicate the resource owner's basic creds are invalid, as opposed to the
client's credentials being invalid.
--
Andrew Arnott
"I [may] not agree with what you
