author | Benjamin Pereto <benjamin@sandchaschte.ch> | 2018-12-03 17:59:25 +0100 |
---|---|---|
committer | Benjamin Pereto <benjamin@sandchaschte.ch> | 2018-12-03 17:59:25 +0100 |
commit | ea849f66a92f6ce78cae6574e8d20a19a267ac96 (patch) | |
tree | b9d1a92d6bf7dc7421baf1b160229fbf073fcffa | |
parent | 719a5f3bc62465ab8502442458c72016bf91b7cd (diff) | |
download | oauthlib-ea849f66a92f6ce78cae6574e8d20a19a267ac96.tar.gz |
`invalid_scope` status code should be 400
-rw-r--r-- | oauthlib/oauth2/rfc6749/errors.py | 4 | ||||
-rw-r--r-- | tests/oauth2/rfc6749/grant_types/test_refresh_token.py | 2 |
2 files changed, 4 insertions, 2 deletions
diff --git a/oauthlib/oauth2/rfc6749/errors.py b/oauthlib/oauth2/rfc6749/errors.py
index 7ead3d4..678fcff 100644
--- a/oauthlib/oauth2/rfc6749/errors.py
+++ b/oauthlib/oauth2/rfc6749/errors.py
@@ -199,9 +199,11 @@ class UnsupportedResponseTypeError(OAuth2Error):
 class InvalidScopeError(OAuth2Error):
 """
 The requested scope is invalid, unknown, or malformed.
+
+ https://tools.ietf.org/html/rfc6749#section-5.2
 """
 error = 'invalid_scope'
- status_code = 401
+ status_code = 400


 class ServerError(OAuth2Error):
diff --git a/tests/oauth2/rfc6749/grant_types/test_refresh_token.py b/tests/oauth2/rfc6749/grant_types/test_refresh_token.py
index f055c7d..32a0977 100644
--- a/tests/oauth2/rfc6749/grant_types/test_refresh_token.py
+++ b/tests/oauth2/rfc6749/grant_types/test_refresh_token.py
@@ -99,7 +99,7 @@ class RefreshTokenGrantTest(TestCase):
 token = json.loads(body)
 self.assertEqual(self.mock_validator.save_token.call_count, 0)
 self.assertEqual(token['error'], 'invalid_scope')
- self.assertEqual(status_code, 401)
+ self.assertEqual(status_code, 400)

 def test_invalid_token(self):
 self.mock_validator.validate_refresh_token.return_value = False |
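Review bot: The new `status_code = 400` in `InvalidScopeError` (oauthlib/oauth2/rfc6749/errors.py) is justified only by a bare URL in the docstring, so the reason it is not 401 is easy to lose in a later edit. RFC 6749 section 5.2 has the token endpoint answer errors with 400 unless stated otherwise and allows 401 only for `invalid_client`, so a 401 here would tell clients that authentication failed when the credentials were accepted. I would add a line above the attribute such as `# RFC 6749 section 5.2: 400 for token-endpoint errors; 401 is reserved for invalid_client`. The test hunk pins the new code for the refresh-token grant only; whether tests for other grant types that raise this error assert the status is not visible here.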