onc-healthit / onc-certification-g10-test-kit

ONC Certification (g)(10) Standardized API Tests
Apache License 2.0

Make 403 error to pass "SMART Invalid ..." tests #495

Open bholyshevskyi opened 4 months ago

bholyshevskyi commented 4 months ago

We use Auth0 for authentication in our project. When running the ONC Certification (g)(10) Standardized API V.5.1.0 (US Core 6.1.0 / USCDI v3, SMART App Launch 2.0.0, Bulk Data 2.0.0) tests, some tests which assert an invalid auth flow fail because 403 is not counted as an expected result. The tests are: [screenshot attachments not captured]

Is it possible to make the returned 403 error pass the tests above?

yunwwang commented 4 months ago

@bholyshevskyi:

Thank you for reaching out to us about this Inferno test issue.

The designated response code(s) are outlined in RFC-6749 "The OAuth 2.0 Authorization Framework," specifically in Section 5.2.

The authorization server responds with an HTTP 400 (Bad Request) status code (unless specified otherwise) and includes the following parameters with the response:

Should there be a consideration to include an HTTP 403 status code, please inform us of the corresponding standard that supports this inclusion.
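The following is an added illustration, not code from the Inferno test kit or from Auth0, of what RFC 6749 section 5.2 requires of a token endpoint error response and why a 403 does not satisfy it. The checker, its function name, and the two sample responses are assumptions constructed for this example; the status codes and the registered error codes come from the RFC itself (400 by default, 401 permitted only for `invalid_client` together with a `WWW-Authenticate` header).

```ruby
require 'json'

# Error codes registered by RFC 6749 section 5.2 for token endpoint errors.
RFC6749_ERROR_CODES = %w[
  invalid_request invalid_client invalid_grant
  unauthorized_client unsupported_grant_type invalid_scope
].freeze

# Check one token-endpoint error response against RFC 6749 section 5.2.
# `response` is a hash with :status (Integer), :headers (Hash) and :body (String).
# Returns an array of human-readable problems; an empty array means the
# response conforms. (Hypothetical helper written for this example.)
def rfc6749_error_response_problems(response)
  problems = []
  status  = response[:status]
  headers = response.fetch(:headers, {})
  body    = response[:body].to_s

  # The body must be a JSON object carrying a registered "error" code.
  parsed = begin
    JSON.parse(body)
  rescue JSON::ParserError
    nil
  end

  error_code = nil
  if parsed.is_a?(Hash)
    error_code = parsed['error']
    if error_code.nil?
      problems << "missing required 'error' parameter"
    elsif !RFC6749_ERROR_CODES.include?(error_code)
      problems << "unregistered error code '#{error_code}'"
    end
  else
    problems << 'body is not a JSON object'
  end

  # Section 5.2: 400 Bad Request unless specified otherwise. The one exception
  # it names is invalid_client, which MAY use 401 when the client authenticated
  # via the Authorization header, and then MUST include WWW-Authenticate.
  case status
  when 400
    # Always acceptable.
  when 401
    problems << '401 is only permitted for invalid_client' unless error_code == 'invalid_client'
    has_www = headers.keys.any? { |k| k.to_s.casecmp('www-authenticate').zero? }
    problems << '401 response must carry WWW-Authenticate' unless has_www
  else
    problems << "status #{status} is not the 400 (or 401 for invalid_client) that section 5.2 prescribes"
  end

  problems
end

# Constructed sample responses for this example (not captured from Auth0 or Inferno).
CONFORMING_RESPONSE = {
  status: 400,
  headers: { 'Content-Type' => 'application/json' },
  body: '{"error":"invalid_grant","error_description":"refresh token is invalid"}'
}.freeze

FORBIDDEN_RESPONSE = {
  status: 403,
  headers: { 'Content-Type' => 'application/json' },
  body: '{"error":"invalid_grant"}'
}.freeze

if __FILE__ == $PROGRAM_NAME
  { 'conforming 400' => CONFORMING_RESPONSE, 'rejected 403' => FORBIDDEN_RESPONSE }.each do |label, resp|
    problems = rfc6749_error_response_problems(resp)
    puts "#{label}: #{problems.empty? ? 'OK' : problems.join('; ')}"
  end
end
```

Run as a script it reports the 400 response as conforming and lists the single reason the 403 response fails; the same logic shows why a server that only needs to satisfy section 5.2 does not need a 403 at all, since the `error` parameter in the body, not the status code, is what tells the client which failure occurred.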