Archived 2022.11.20. Content moved to error scenarios and responses.
Question
What is the appropriate Data Holder (DH) response during authorisation amendment, when a customer enters a customer identifier which does not match the identifier associated with the original cdr_arrangement_id?
Should we display a static 401 or 403 error page, rather than redirecting the customer?
Answer
In the event of failed authentication, the appropriate response according to OAuth is to redirect with error code "access_denied" in the query component of the redirection URI, using the "application/x-www-form-urlencoded" format.
See:
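The redirect described in the answer, sketched from both sides as an added example (not code from the original page or from any Data Holder): the DH builds the error redirect and the client parses it. The function names, the `adr.example.com` callback, the `state` value and the description text are constructed assumptions; the parameter names `error`, `error_description` and `state` are those of the OAuth 2.0 authorization error response (RFC 6749, section 4.1.2.1).

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit


def build_access_denied_redirect(redirect_uri, state=None, description=None):
    """DH side: URI to redirect the user agent to after failed authentication."""
    parts = urlsplit(redirect_uri)
    # Keep any query parameters already present on the registered redirect URI.
    params = parse_qsl(parts.query, keep_blank_values=True)
    params.append(("error", "access_denied"))
    if description:
        params.append(("error_description", description))
    # Echo the client's state unchanged so it can correlate the response.
    if state is not None:
        params.append(("state", state))
    # urlencode() produces application/x-www-form-urlencoded output.
    return urlunsplit(parts._replace(query=urlencode(params)))


def parse_authorisation_response(uri, expected_state):
    """Client side: classify the redirect as an error or a success."""
    params = dict(parse_qsl(urlsplit(uri).query, keep_blank_values=True))
    # Reject responses that do not carry the state sent in the request.
    if params.get("state") != expected_state:
        raise ValueError("state mismatch")
    if "error" in params:
        return ("error", params["error"], params.get("error_description"))
    return ("ok", params.get("code"), None)


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    uri = build_access_denied_redirect(
        "https://adr.example.com/cb?tenant=42",
        state="xyz 1/2",
        description="authentication failed",
    )
    print(uri)
    print(parse_authorisation_response(uri, "xyz 1/2"))
```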