Also, the OAuth RFC does not use "MUST" for 400 response and allows some freedom... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		Croftengea on Dec 12, 2024 \| parent \| context \| favorite \| on: Dear OAuth Providers Also, the OAuth RFC does not use "MUST" for 400 response and allows some freedom in this regard: > The authorization server responds with an HTTP 400 (Bad Request) status code (unless specified otherwise) https://datatracker.ietf.org/doc/html/rfc6749#section-5.2

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact