You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
invalid_request: The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed.
and
unsupported_response_type The authorization server does not support obtaining an authorization code using this method.
Since response_type is a required parameter we are of the opinion that actual error, when this field is absent, should be invalid_request instead of unsupported_response_type.
Expected behavior
The AuthorizeRequestValidator should return a different Invalid(...) response specified on this line.
Which version of Duende IdentityServer are you using?
Latest (6.3.5)
Which version of .NET are you using?
.NET 7
Describe the bug
If there is no
response_type
specified on the Authorize endpoint we return anunsupported_response_type
.RFC 6749 section 4.2.1 specifies that response_type is a required parameter:
RFC 6749 section 4.1.2.1 also specifies:
Since
response_type
is a required parameter we are of the opinion that actual error, when this field is absent, should beinvalid_request
instead ofunsupported_response_type
.Expected behavior
The
AuthorizeRequestValidator
should return a differentInvalid(...)
response specified on this line.Additional context
Simular issue to #44
The text was updated successfully, but these errors were encountered: