Closed margaretha closed 1 year ago
Only when the user is not authenticated ... right?
We discussed this topic in Slack. I don't think the user should be encouraged to log in when a wrong and potentially malicious authorization request is made. To avoid this error message, the user should be led to the start page in case they are not logged in. When logged in, the settings page is fine and may help to check already granted authorizations.
When sending an authorization request without scope, Kalamar throws a "not authenticated" error.
Example request:
https://korap.ids-mannheim.de/instance/test/settings/oauth/authorize?client_id=client_id&redirect_uri=redirect_urit&response_type=code&state=ZMwDGTZ2RY