Error Response with invalid redirection URI on authorize endpoint

[user1336]

Same as #4075 but on the Authorize endpoint:

In the OAuth authorization_code flow, when validating the redirect_uri on the authorize endpoint, why do we return an unauthorized_client when the redirect_uri is invalid.

Shouldn't this be an invalid_request according to the spec:

invalid_request
The request is missing a required parameter, includes an
invalid parameter value, includes a parameter more than
once, or is otherwise malformed.
https://tools.ietf.org/html/rfc6749#section-4.1.2.1

Parameter is invalid, unauthorized_client says something about the method the client uses to request an authorization_code.

If you agree I can do the work on this.

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
Questions are community supported only and the authors/maintainers may or may not have time to reply. If you or your company would like commercial support, please see here for more information.

[brockallen]

We didn't see a PR for the authorize EP as well, so we just made the fix. Thanks.

[user1336]

If you'd agreed, I would have made one.

Thanks anyway, this helps a lot!

[brockallen]

No worries. Thanks

[lock]

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.