Invalid_grand is correct.
EH
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of
Buhake Sindi
Sent: Tuesday, February 21, 2012 7:16 AM
To: Peter Brindisi
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] error response for invalid refresh token
Hi
invalid_grant
The provided
Hi
invalid_grant
>
>
The provided authorization grant (e.g. authorization code,
> resource owner credentials) is invalid, expired, revoked, does
> not match the redirection URI used
>
I would think that the refresh_token is an authorization code that needs
refreshing, so this would be valid.
Hi all,
I am currently implementing version 23 of the oauth2 spec, and I came
across a bit of ambiguity. What is the appropriate error code for an
invalid refresh token? I am unsure whether it should be 'invalid_grant' or
'invalid_request'. Neither seems 100% clear.
Thanks in advance!
Best,
Pete
