discord-api-docs icon indicating copy to clipboard operation
discord-api-docs copied to clipboard

Published 20 hours ago verified publisher icon discord

Invalid OAuth request should return invalid_request error instead of unsupported_grant_type

Open MinnDevelopment opened this issue 1 year ago • 0 comments

Description

According to RFC 6749 §5.2, the server should respond with invalid_request if the request is missing required parameters:

         invalid_request
               The request is missing a required parameter, includes an
               unsupported parameter value (other than grant type),
               repeats a parameter, includes multiple credentials,
               utilizes more than one mechanism for authenticating the
               client, or is otherwise malformed.

However, this doesn't seem to be the case with the token endpoint.

Steps to Reproduce

Send this curl command:

curl -X POST \
 -H 'Content-type: application/x-www-form-urlencoded' \
 -d 'invalid=true' \
 https://discord.com/api/oauth2/token

Or send a completely wrong format:

curl -X POST \
 -H 'Content-type: application/json' \
 -d '{}' \
 https://discord.com/api/oauth2/token

Expected Behavior

An invalid_request error due to the missing required fields and generally incorrectly formatted request:

{
  "error": "invalid_request",
  "error_description": "The request is not formatted correctly"
}

Current Behavior

A completely unrelated error:

{
  "error": "unsupported_grant_type",
  "error_description": "Grant type None is not supported"
}

Screenshots/Videos

No response

Client and System Information

API v10

MinnDevelopment avatar Jul 26 '22 21:07 MinnDevelopment