Currently, OAuth2ErrorAuthenticationFailureHandler always returns 400 Bad Request for all OAuth2 errors. There are some OAuth2 error codes that have clearly more matching http status codes, for example "unauthorized_client" could return a 401 Unauthorized etc.
jgrandja
commented
2 weeks ago
Currently,
OAuth2ErrorAuthenticationFailureHandleralways returns400 Bad Requestfor all OAuth2 errors. There are some OAuth2 error codes that have clearly more matching http status codes, for example"unauthorized_client"could return a401 Unauthorizedetc.Adresses https://github.com/spring-projects/spring-authorization-server/issues/1636.