Getting bad_request if user Forgets the application
Answered
If a user Forgets 'A' application from account settings and tries to access files from the 'A' application following scenario happens -
As application doesn't known it's been forgotten it tries to get a new access token using existing refresh token, but while trying to do so application is getting 400 (bad_request). Shouldn't it get 401 or 404. As I'm getting the vague 400(bad_request), can't take any decision depending on that.
-
Hi Farsim,
this is and probably will be a matter of debate.
From the RFC7231:
6.5.1. 400 Bad Request
The 400 (Bad Request) status code indicates that the server cannot or
will not process the request due to something that is perceived to be
a client error (e.g., malformed request syntax, invalid request
message framing, or deceptive request routing).The wording does not exclude problems with the content, it just clearly states the server will not process this in your case and you could perceive your scenario as deceptive request routing.
Due to the fact, that the API is around a long time, a change of this behaviour is now very unlikely to be changed.
Please sign in to leave a comment.
Comments
1 comment