According tohttps://www.oauth.com/oauth2-servers/access-tokens/access-token-response/

   Error responses are returned with an HTTP 400 status code (unless
   specified otherwise), with error and error_description parameters. The
   error parameter will always be one of the values listed below.

     * invalid_request
     * invalid_client
     * invalid_grant
     * invalid_scope
     * unauthorized_client
     * unsupported_grant_type

Can I have custom error like "invalid_captcha" or "captcha_required"?

I want , if some one send wrong credentials for 3 times , I send "captcha_required" error and for next time must send valid captcha code

My question is:

1. Is it allowed to define custom error codes in OAuth ?
2. Is there alternative way to solve my problem?

_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth

Reply via email to