Bug
The error response when trying to refresh a revoked token is incorrect. An error code not specified in RFC6749 is returned.
https://tools.ietf.org/html/rfc6749#section-5.2
In most cases, invalid tokens will return the correct error below, but some invalid tokens will return strange errors.
{"error":"invalid_grant","error_description":"Invalid refresh token."}
Reproduction Steps
Sent an invalid refresh token to /v2/oauth/token
Actual Behaviour
{"error":"invalid_grant: Token is expired or invalid.","error_description":"Token is expired or invalid."}
Expected Behaviour
{"error":"invalid_grant","error_description":"Token is expired or invalid."}
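A conformance check for the behaviour reported above, as an added example that is not part of the original report or of the project's code: it validates a token-endpoint error body against the error codes and character set of RFC 6749 section 5.2. The function and constant names are assumptions made for illustration; the two sample bodies are the ones quoted in the report.

```python
import json

# Error codes defined for the token endpoint in RFC 6749 section 5.2.
RFC6749_TOKEN_ERRORS = frozenset({
    "invalid_request", "invalid_client", "invalid_grant",
    "unauthorized_client", "unsupported_grant_type", "invalid_scope",
})

def _allowed_char(ch):
    # RFC 6749 section 5.2 character set: %x20-21 / %x23-5B / %x5D-7E
    cp = ord(ch)
    return 0x20 <= cp <= 0x21 or 0x23 <= cp <= 0x5B or 0x5D <= cp <= 0x7E

def check_token_error(body):
    """Return a list of conformance problems in a token-endpoint error body."""
    try:
        doc = json.loads(body)
    except ValueError:
        return ["body is not valid JSON"]
    if not isinstance(doc, dict):
        return ["body is not a JSON object"]
    error = doc.get("error")
    if not isinstance(error, str) or not error:
        return ["missing or non-string 'error' member"]
    problems = []
    if error not in RFC6749_TOKEN_ERRORS:
        problems.append(f"'error' value {error!r} is not an RFC 6749 section 5.2 code")
        # The shape from this report: a valid code with free text appended.
        prefix = error.split(":", 1)[0].strip()
        if prefix in RFC6749_TOKEN_ERRORS:
            problems.append(f"'error' starts with {prefix!r} but has extra text appended")
    for name in ("error", "error_description"):
        value = doc.get(name)
        if isinstance(value, str) and not all(_allowed_char(c) for c in value):
            problems.append(f"{name!r} contains characters outside the allowed set")
    return problems

# The two bodies quoted in the report.
ACTUAL = ('{"error":"invalid_grant: Token is expired or invalid.",'
          '"error_description":"Token is expired or invalid."}')
EXPECTED = '{"error":"invalid_grant","error_description":"Token is expired or invalid."}'

if __name__ == "__main__":
    for label, body in (("actual", ACTUAL), ("expected", EXPECTED)):
        print(label, check_token_error(body) or "conforms")
```

The malformed value passes the character-set rule, so only the comparison against the code list catches it; a client that matches `error` exactly against `invalid_grant` will not recognise the response as a revoked or expired token.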