Spec compliance: invalid_request returned when refresh token invalid

According to [the OAuth2 spec](https://tools.ietf.org/html/rfc6749#section-5.2), when you're using the `refresh_token` grant and the refresh token has expired, it should return an `invalid_grant` error. But this server actually returns a `invalid_request` error.

 ```
        invalid_grant
               The provided authorization grant (e.g., authorization
               code, resource owner credentials) or refresh token is
               invalid, expired, revoked, does not match the redirection
               URI used in the authorization request, or was issued to
               another client.
```

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Spec compliance: invalid_request returned when refresh token invalid #993

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

Spec compliance: invalid_request returned when refresh token invalid #993

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions