Return invalid_grant error when the authorization code is revoked #1082


arietimmerman
Contributor

According to RFC 6749, the correct error for trying to exchange a revoked (used) authorization code is invalid_grant, not invalid_request.

invalid_grant
    The provided authorization grant (e.g., authorization
    code, resource owner credentials) or refresh token is
    invalid, expired, revoked, does not match the redirection
    URI used in the authorization request, or was issued to
    another client.

@Sephster
Member

Thanks for this change @arietimmerman - would you be able to add a test to support this change? Thank you.

@arietimmerman
Contributor Author

Turned out I could enrich an existing test. So that's what I just did.

@Sephster Sephster changed the base branch from master to 9.0.0-WIP January 31, 2020 22:06
@Sephster
Member

Looks great, thanks @arietimmerman - I've merged this into branch 9.0.0 as this would be a breaking change, but it looks good to me. Thanks for your contribution.

@Sephster Sephster merged commit 0bf21a7 into thephpleague:9.0.0-WIP Jan 31, 2020
ajgarlag added a commit to ajgarlag/oauth2-server-bundle that referenced this pull request Apr 22, 2024
ajgarlag added a commit to ajgarlag/oauth2-server-bundle that referenced this pull request May 16, 2024
ajgarlag added a commit to ajgarlag/oauth2-server-bundle that referenced this pull request Aug 12, 2024
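
The error distinction discussed in this pull request, as an added example that is not code from the pull request or from the library: a malformed token request gets `invalid_request`, while a well-formed request carrying a used, expired or mismatched authorization code gets `invalid_grant`. The function name `exchangeAuthCode`, the in-memory `$codes` store and all values in it are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed in-memory code store (assumption); a real server uses its repository layer.
$codes = [
    'code-123' => ['client_id' => 'app-1', 'redirect_uri' => 'https://client.example/cb',
                   'expires_at' => 2000, 'revoked' => false],
];

/** Returns [HTTP status, response body] for grant_type=authorization_code. */
function exchangeAuthCode(array $params, array &$codes, int $now): array
{
    // Malformed request (missing or non-string parameter) -> invalid_request.
    foreach (['code', 'client_id', 'redirect_uri'] as $required) {
        $value = $params[$required] ?? null;
        if (!is_string($value) || $value === '') {
            return [400, ['error' => 'invalid_request',
                          'error_description' => "Missing parameter: $required"]];
        }
    }

    $grant = $codes[$params['code']] ?? null;

    // Well-formed request, unusable grant -> invalid_grant (RFC 6749, section 5.2):
    // unknown, revoked (already used), expired, issued to another client,
    // or redirect_uri differs from the one in the authorization request.
    $unusable = $grant === null
        || $grant['revoked']
        || $grant['expires_at'] < $now
        || !hash_equals($grant['client_id'], $params['client_id'])
        || !hash_equals($grant['redirect_uri'], $params['redirect_uri']);
    if ($unusable) {
        return [400, ['error' => 'invalid_grant']];
    }

    // Authorization codes are single use: revoke on the first successful exchange.
    $codes[$params['code']]['revoked'] = true;
    return [200, ['token_type' => 'Bearer', 'access_token' => bin2hex(random_bytes(16))]];
}

// Constructed requests: first exchange, replay of the same code, missing parameters.
$req = ['code' => 'code-123', 'client_id' => 'app-1',
        'redirect_uri' => 'https://client.example/cb'];
foreach ([$req, $req, ['client_id' => 'app-1']] as $r) {
    [$status, $body] = exchangeAuthCode($r, $codes, 1000);
    echo $status, ' ', $body['error'] ?? 'token issued', PHP_EOL;
}
```

Clients that branch on the `error` value need to treat `invalid_grant` as "restart the authorization flow" rather than "fix the request", which is why the maintainer classed the change as breaking.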