Duplicated parameters on authorize.
dgnin opened this issue · comments
dgnin commented
On the OAuth guide for The Authorization Response says the redirect has to be attached with an invalid_request error query string parameter when:
invalid_request – the request is missing a parameter, contains an invalid parameter, includes a parameter more than once, or is otherwise invalid.
The library throws a InvalidRequestError
in the two first cases, but when I provide a request body with a duplicated parameter, which translates into a parameter with an array value, it doesn't throw any exception, and as far I understand it should.