Why does OAuth2Provider::authorize not include error JSON in error response body
ctoomey opened this issue · comments
OAuth2Provider:: issueAccessToken() and OAuth2Provider::authorize() handle errors mostly the same except that issueAccessToken() includes a JSON body describing the error and authorize() doesn't. Is there a particular reason for not including the JSON body for authorize() errors? If not I'll submit a pull request with that fixed.
We support the Bearer Token, about error code is written as follows:
http://tools.ietf.org/html/rfc6750#section-3.1
The specification had not been specified for the error response body.
However I can find the specification of Issuing an Access Token in RFC6749.
Yet I can't find the specification of Accessing Protected Resources in RFC6749.
So, we should support only OAuth2Provider:: issueAccessToken
to include error JSON in error response body?
Yes you're right, I hadn't noticed that the spec. only calls for the response body for errors when issuing tokens. Thanks.