| author | Free Duerinckx <free.duerinckx@vikingco.com> | 2018-07-04 14:35:03 +0200 |
|---|---|---|
| committer | Free Duerinckx <free.duerinckx@vikingco.com> | 2018-07-04 14:41:47 +0200 |
| commit | a4f39fc93ca2cb3b14eb1f3538ba5363148485be (patch) | |
| tree | 002d34ee695ebe09dc8d2e7f7c8392299684de07 /tests/oauth2 | |
| parent | cfcbe99477a5d392175970f9c2e16b7d8ce138fb (diff) | |
| download | oauthlib-a4f39fc93ca2cb3b14eb1f3538ba5363148485be.tar.gz | |
`invalid_grant` status code should be 400
According to section 5.2 of rfc 6749
(https://tools.ietf.org/html/rfc6749#section-5.2)
A server should respond with 400 in case of an invalid grant. The
given grant is invalid and the client should give other data.
A 401 is not applicable here because the client is required to give
a suitable Authorization header field which doesn't make any sense if
you are trying to acquire a grant authentication.
According to sections 10.4.1 and 10.4.2 of rfc 2616
(https://tools.ietf.org/html/rfc2616#section-10.4.1)
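The status-code rule the commit message appeals to, written out as a small token-endpoint error responder. This is an added illustration, not oauthlib code: the function names (`token_error_response`, `refresh_token_endpoint`, `basic_auth`), the in-memory `clients` and `refresh_tokens` maps and the sample credentials are all constructed for the example. It encodes RFC 6749 section 5.2 as stated: every token-endpoint error is an HTTP 400, except that `invalid_client` becomes 401 (with a `WWW-Authenticate` header echoing the client's scheme) when the client authenticated through the HTTP `Authorization` header. An `invalid_grant` stays 400 even when the client did send Basic credentials, which is the case the test below asserts.

```python
"""RFC 6749 section 5.2 error responses for the token endpoint.

Constructed example (not oauthlib's implementation).  Shows why a failed
grant is a 400 while a failed client authentication may be a 401.
"""
import base64
import binascii
import hmac
import json

# Error codes RFC 6749 section 5.2 defines for the token endpoint.
TOKEN_ERRORS = {
    "invalid_request", "invalid_client", "invalid_grant",
    "unauthorized_client", "unsupported_grant_type", "invalid_scope",
}


def token_error_response(error, authorization_header=None, description=None):
    """Return (status_code, headers, body) for a failed token request.

    authorization_header is the raw HTTP Authorization value the client
    sent, or None if it passed credentials in the body (or not at all).
    """
    if error not in TOKEN_ERRORS:
        raise ValueError("not an RFC 6749 section 5.2 error: %r" % error)
    headers = {
        "Content-Type": "application/json;charset=UTF-8",
        "Cache-Control": "no-store",
        "Pragma": "no-cache",
    }
    status_code = 400
    # Section 5.2: only invalid_client may be 401, and when the client used
    # the Authorization header the server MUST answer 401 and include a
    # WWW-Authenticate header matching the scheme the client used.
    if error == "invalid_client" and authorization_header:
        scheme = authorization_header.split(None, 1)[0]
        status_code = 401
        headers["WWW-Authenticate"] = '%s realm="token"' % scheme
    payload = {"error": error}
    if description:
        payload["error_description"] = description
    return status_code, headers, json.dumps(payload)


def basic_auth(client_id, client_secret):
    """Build the HTTP Basic Authorization header value for a client."""
    raw = ("%s:%s" % (client_id, client_secret)).encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def refresh_token_endpoint(form, authorization_header, clients, refresh_tokens):
    """Toy refresh_token grant handler (hypothetical, not oauthlib's).

    clients maps client_id -> client_secret; refresh_tokens maps a refresh
    token -> the client_id it was issued to.  Returns (status, headers, body).
    """
    if form.get("grant_type") != "refresh_token":
        return token_error_response("unsupported_grant_type", authorization_header)

    # 1. Client authentication (HTTP Basic).  Failure here is invalid_client,
    #    answered with 401 because the client used the Authorization header.
    client_id = None
    if authorization_header and authorization_header.startswith("Basic "):
        try:
            raw = base64.b64decode(authorization_header[6:]).decode("utf-8")
            cid, secret = raw.split(":", 1)
        except (ValueError, binascii.Error):
            cid = secret = None
        if cid is not None and hmac.compare_digest(
                clients.get(cid, "").encode("utf-8"), secret.encode("utf-8")):
            client_id = cid
    if client_id is None:
        return token_error_response("invalid_client", authorization_header)

    # 2. Grant validation.  An unknown refresh token, or one bound to another
    #    client, is invalid_grant: a 400, never a 401, even though the client
    #    authenticated successfully via the Authorization header.
    token = form.get("refresh_token")
    if refresh_tokens.get(token) != client_id:
        return token_error_response(
            "invalid_grant", authorization_header,
            "refresh token is unknown or not issued to this client")

    body = json.dumps({"access_token": "constructed-token", "token_type": "Bearer"})
    return 200, {"Content-Type": "application/json;charset=UTF-8",
                 "Cache-Control": "no-store"}, body
```

Ordering matters: client authentication is checked before the grant, so a request with a bad secret and a bad refresh token reports `invalid_client` (401), while a correctly authenticated client presenting a bad or foreign refresh token reports `invalid_grant` (400). Collapsing both onto 401 would tell a client to retry with different credentials when its credentials were fine.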
Diffstat (limited to 'tests/oauth2')
| -rw-r--r-- | tests/oauth2/rfc6749/grant_types/test_refresh_token.py | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/tests/oauth2/rfc6749/grant_types/test_refresh_token.py b/tests/oauth2/rfc6749/grant_types/test_refresh_token.py index 21540a2..f055c7d 100644 --- a/tests/oauth2/rfc6749/grant_types/test_refresh_token.py +++ b/tests/oauth2/rfc6749/grant_types/test_refresh_token.py @@ -109,7 +109,7 @@ class RefreshTokenGrantTest(TestCase): token = json.loads(body) self.assertEqual(self.mock_validator.save_token.call_count, 0) self.assertEqual(token['error'], 'invalid_grant') - self.assertEqual(status_code, 401) + self.assertEqual(status_code, 400) def test_invalid_client(self): self.mock_validator.authenticate_client.return_value = False |
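Review bot: the flipped assertion `+ self.assertEqual(status_code, 400)` pins the refresh-token `invalid_grant` path to 400, but this view is limited to tests/oauth2, so the production-side change that makes the grant type (or the error it raises) emit 400 instead of 401 is not visible here; it has to land in the same commit or this test fails on its own. Since the commit message's argument is that 401 belongs only to failed client authentication, the adjacent `test_invalid_client` (which sets `authenticate_client.return_value = False`) should keep a status assertion of its own for the `invalid_client` case, so the two error codes stay pinned separately and a regression that collapses both to one value is caught rather than passing silently.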
