Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Return invalid_grant error when the authorization code is revoked #1082

Merged
merged 4 commits into from
Jan 31, 2020
Merged

Return invalid_grant error when the authorization code is revoked #1082

merged 4 commits into from
Jan 31, 2020

Conversation

arietimmerman
Copy link
Contributor

According to rfc6749, the correct error for trying to exchange a revoke (used) authorization code is invalid_grant, not invalid_request.

invalid_grant
    The provided authorization grant (e.g., authorization
    code, resource owner credentials) or refresh token is
    invalid, expired, revoked, does not match the redirection
    URI used in the authorization request, or was issued to
    another client.

@Sephster
Copy link
Member

Thanks for this change @arietimmerman - would you be able to add a test to support this change? Thank you

@arietimmerman
Copy link
Contributor Author

Turned out I could enrich an existing test. So that's what I just did.

@Sephster Sephster changed the base branch from master to 9.0.0-WIP January 31, 2020 22:06
@Sephster
Copy link
Member

Looks great thanks @arietimmerman - I've merged this into branch 9.0.0 as this would be a breaking change but looks good to me. Thanks for your contribution

@Sephster Sephster merged commit 0bf21a7 into thephpleague:9.0.0-WIP Jan 31, 2020
ajgarlag added a commit to ajgarlag/oauth2-server-bundle that referenced this pull request Apr 22, 2024
@ajgarlag
Check for error invalid_grant instead of invalid_request
e396bc6 
* See thephpleague/oauth2-server#1042
* See thephpleague/oauth2-server#1082
ajgarlag added a commit to ajgarlag/oauth2-server-bundle that referenced this pull request Apr 22, 2024
@ajgarlag
Check for error invalid_grant instead of invalid_request
4a579eb 
* See thephpleague/oauth2-server#1042
* See thephpleague/oauth2-server#1082
ajgarlag added a commit to ajgarlag/oauth2-server-bundle that referenced this pull request May 16, 2024
@ajgarlag
Check for error invalid_grant instead of invalid_request
ee229be 
* See thephpleague/oauth2-server#1042
* See thephpleague/oauth2-server#1082
ajgarlag added a commit to ajgarlag/oauth2-server-bundle that referenced this pull request Aug 12, 2024
@ajgarlag
Check for error invalid_grant instead of invalid_request
8bfa0d8 
* See thephpleague/oauth2-server#1042
* See thephpleague/oauth2-server#1082
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@arietimmerman @Sephster