diff options
author | Jonathan Huot <JonathanHuot@users.noreply.github.com> | 2018-09-20 15:54:43 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-09-20 15:54:43 +0200 |
commit | 7fb3bd4eb20959b4c7e4615974b0f87456d05939 (patch) | |
tree | ddec45dcebbf41f8ba8c12755c1ece85c2bca263 | |
parent | 7ed3c53f8d04634ee8f470a4d621cd26505e977e (diff) | |
parent | 5873be567db7447ac7992357b6fd61c5dc5b4bf1 (diff) | |
download | oauthlib-7fb3bd4eb20959b4c7e4615974b0f87456d05939.tar.gz |
Merge pull request #561 from freeduerinckx/invalid-grant-should-respond-with-400
`invalid_grant` status code should be 400
-rw-r--r-- | oauthlib/oauth2/rfc6749/errors.py | 4 | ||||
-rw-r--r-- | tests/oauth2/rfc6749/grant_types/test_refresh_token.py | 2 |
2 files changed, 4 insertions, 2 deletions
diff --git a/oauthlib/oauth2/rfc6749/errors.py b/oauthlib/oauth2/rfc6749/errors.py index d17e08e..8c8bda3 100644 --- a/oauthlib/oauth2/rfc6749/errors.py +++ b/oauthlib/oauth2/rfc6749/errors.py @@ -246,9 +246,11 @@ class InvalidGrantError(OAuth2Error): owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client. + + https://tools.ietf.org/html/rfc6749#section-5.2 """ error = 'invalid_grant' - status_code = 401 + status_code = 400 class UnauthorizedClientError(OAuth2Error): diff --git a/tests/oauth2/rfc6749/grant_types/test_refresh_token.py b/tests/oauth2/rfc6749/grant_types/test_refresh_token.py index 21540a2..f055c7d 100644 --- a/tests/oauth2/rfc6749/grant_types/test_refresh_token.py +++ b/tests/oauth2/rfc6749/grant_types/test_refresh_token.py @@ -109,7 +109,7 @@ class RefreshTokenGrantTest(TestCase): token = json.loads(body) self.assertEqual(self.mock_validator.save_token.call_count, 0) self.assertEqual(token['error'], 'invalid_grant') - self.assertEqual(status_code, 401) + self.assertEqual(status_code, 400) def test_invalid_client(self): self.mock_validator.authenticate_client.return_value = False |