
Make the OAuth2 Token Endpoint return errors correctly

12-05-2024 12:57 PM
Status: Open
JensBorgland
Emerging Contributor

As far as I can determine, the OAuth2 Token Endpoint currently always returns 200 as the response status code - even for errors. This is not in line with the OAuth2 specification, which states:

The authorization server responds with an HTTP 400 (Bad Request) status code (unless specified otherwise)

This makes some clients fail to provide reasonable error messages to users/administrators and thus makes troubleshooting a lot harder than necessary.
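An added example, not part of the original post and not the product's own code: a client-side check that inspects the token response body for the RFC 6749 section 5.2 `error` member before trusting the status code, so an error delivered with HTTP 200 is still reported. The function and class names, the `malformed_response` label and the sample responses are assumptions constructed for illustration.

```python
import json

class TokenEndpointError(Exception):
    """Error returned by (or inferred from) a token endpoint response."""
    def __init__(self, code, description, status, status_compliant):
        super().__init__(f"{code}: {description or 'no description'} (HTTP {status})")
        self.code = code
        self.description = description
        self.status = status
        # False when the status code does not match RFC 6749 section 5.2.
        self.status_compliant = status_compliant

def parse_token_response(status, body):
    """Return the token dict on success; raise TokenEndpointError otherwise.

    The body is checked for an "error" member first, so an error sent with
    HTTP 200 is not mistaken for a successful token response.
    """
    try:
        payload = json.loads(body)
    except (TypeError, ValueError):
        payload = None
    if not isinstance(payload, dict):
        # "malformed_response" is a local label, not an RFC 6749 error code.
        raise TokenEndpointError("malformed_response",
                                 "body is not a JSON object", status, False)
    if "error" in payload:
        code = str(payload["error"])
        # Section 5.2: HTTP 400 unless specified otherwise; 401 is allowed
        # for invalid_client.
        compliant = status == 400 or (status == 401 and code == "invalid_client")
        raise TokenEndpointError(code, payload.get("error_description"),
                                 status, compliant)
    if status != 200 or "access_token" not in payload or "token_type" not in payload:
        raise TokenEndpointError("malformed_response",
                                 "missing access_token or token_type", status, False)
    return payload

# Constructed sample responses (status code, body).
SAMPLE_OK = (200, '{"access_token": "example-token", "token_type": "Bearer"}')
SAMPLE_ERR_200 = (200, '{"error": "invalid_grant", "error_description": "expired"}')
SAMPLE_ERR_400 = (400, '{"error": "invalid_grant", "error_description": "expired"}')
```

A client that only branches on the status code would treat `SAMPLE_ERR_200` as success and fail later with a missing-token error, which is the troubleshooting problem described above.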