aaronpk / oauth-first-party-apps

https://datatracker.ietf.org/doc/html/draft-parecki-oauth-first-party-apps

error code vs error code #45

Closed bc-pi closed 7 months ago

bc-pi commented 9 months ago

There are a few places with text like:

> The Authorization Server returns an Error Response ... including "error": "authorization_required", "auth_session", and a custom error code indicating that ...

but that "error": "authorization_required" is the error code so the text kinda contradicts itself. Doesn't it? Maybe I'm confused but I think (esp after looking at the example https://www.ietf.org/archive/id/draft-parecki-oauth-first-party-apps-00.html#appendix-B.2) it should just say something like "including an auth_session and a custom error code indicating that ..."

Also authorization_required seems to be defined as a token endpoint error while most/all instances of that kind of text are in response to an Authorization Challenge Request.

aaronpk commented 8 months ago

Thanks, we've addressed the two points here.

That should have been "custom property" instead of "custom error code".

We've renamed authorization_required to insufficient_authorization and defined it on both endpoints. Can you let me know if this clears it up?

bc-pi commented 8 months ago

> Can you let me know if this clears it up?

I think so, yeah.