| 400 | Bad Request | Malformed authorization request |
375
375
376
-
#### Scope Error Handling
376
+
#### Scope Challenge Handling
377
377
378
378
This section covers handling insufficient scope errors during runtime operations when
379
379
a client already has a token but needs additional permissions. This follows the error
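Review bot: Renaming the heading from "Scope Error Handling" to "Scope Challenge Handling" changes the anchor generated for it, so any link to `#scope-error-handling` will stop resolving; search the spec and related docs for references and update them in this same change. The paragraph under the heading still says "handling insufficient scope errors", so either align that wording with the new "challenge" term or state in the commit message that the mix is intentional.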
@@ -426,9 +426,7 @@ Clients acting on behalf of a user **SHOULD** attempt the step-up authorization
426
426
The flow is as follows:
427
427
428
428
1.**Parse error information** from the authorization server response or `WWW-Authenticate` header
429
-
2.**Determine required scopes** using the following algorithm:
430
-
- If the `scope` parameter is present in the `WWW-Authenticate` header, use those scopes exactly as specified (trusting the server to include any necessary existing scopes along with newly required scopes)
431
-
- If `scope` is not available, use all scopes listed in `scopes_supported` from the Protected Resource Metadata document
429
+
2.**Determine required scopes** as outlined in [Scope Selection Strategy](#scope-selection-strategy).
432
430
3.**Initiate (re-)authorization** with the determined scope set
433
431
4.**Retry the original request** with the new authorization no more than a few times and treat this as a permanent authorization failure
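Review bot: Step 2 now defers entirely to Scope Selection Strategy, and that section is not visible in this hunk, so confirm it still carries both rules the removed sub-bullets stated: use the `scope` value from `WWW-Authenticate` exactly as given, and fall back to `scopes_supported` from the Protected Resource Metadata when `scope` is absent. The removed parenthetical about trusting the server to include existing scopes along with newly required ones matters specifically for step-up; if the linked section omits it, a client could re-authorize with only the new scope and lose permissions it already held. Separately, step 4 in the unchanged context ("no more than a few times and treat this as a permanent authorization failure") reads ambiguously; a follow-up could state that the permanent failure applies once the retry limit is exceeded.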