Invalid authorization code now returns 401 instead of 403

arthuston-abacus · May 21, 2021, 4:48pm

We are in a private tenant. Starting this week our unit tests started failing. Previously, an invalid authorization code in the oauth/token request was returning 403, and is now returning 401.

401 is more correct, since 403 (Forbidden) is usually missing scopes.

Can someone confirm this change was intentional? When was it rolled out?
Is it uniform across all tenants (e.g. across all the tenants in our private instance)?

dan.woda · May 24, 2021, 4:54pm

Hi @arthuston-abacus,

Would you please send me a DM with the name of the account and tenant that has been effected?

system · July 13, 2021, 4:31pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
401 Unauthorized, again Feedback error	1	559	November 28, 2023
Authorisation code flow: Error 403 Help	8	12733	November 23, 2021
Unlogged 401 attempt when rotating secret Help token-endpoint , 401	8	4370	September 3, 2019
Login fails with error code 403 instead of 401 Help	2	8702	December 31, 2023
Unauthorized 'Invalid token' response when trying to call Authorization API Help authorization-extens , api-authorization , unauthorized	6	24749	January 7, 2019

Invalid authorization code now returns 401 instead of 403

Related topics