Closed bc-pi closed 9 months ago
Thanks, we've addressed the two points here.
That should have been "custom property" instead of "custom error code".
We've renamed authorization_required
to insufficient_authorization
and defined it on both endpoints. Can you let me know if this clears it up?
Can you let me know if this clears it up?
I think so, yeah.
There are a few places with text like:
but that
"error": "authorization_required"
is the error code so the text kinda contradicts itself. Doesn't it? Maybe I'm confused but I think (esp after looking at the example https://www.ietf.org/archive/id/draft-parecki-oauth-first-party-apps-00.html#appendix-B.2) it should just say something like "including anauth_session
and a custom error code indicating that ..."Also
authorization_required
seems to be defined as a token endpoint error while most/all instances of that kind of text are in response to an Authorization Challenge Request.