Invalid_grand is correct. EH
From: [email protected] [mailto:[email protected]] On Behalf Of Buhake Sindi Sent: Tuesday, February 21, 2012 7:16 AM To: Peter Brindisi Cc: [email protected] Subject: Re: [OAUTH-WG] error response for invalid refresh token Hi invalid_grant The provided authorization grant (e.g. authorization code, resource owner credentials) is invalid, expired, revoked, does not match the redirection URI used I would think that the refresh_token is an authorization code that needs refreshing, so this would be valid. On 21 February 2012 15:33, Peter Brindisi <[email protected]<mailto:[email protected]>> wrote: Hi all, I am currently implementing version 23 of the oauth2 spec, and I came across a bit of ambiguity. What is the appropriate error code for an invalid refresh token? I am unsure whether it should be 'invalid_grant' or 'invalid_request'. Neither seems 100% clear. Thanks in advance! Best, Peter _______________________________________________ OAuth mailing list [email protected]<mailto:[email protected]> https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
