Skip to content

Duplicated parameters on authorize. #755

Description

@dgnin

On the OAuth guide for The Authorization Response says the redirect has to be attached with an invalid_request error query string parameter when:

invalid_request – the request is missing a parameter, contains an invalid parameter, includes a parameter more than once, or is otherwise invalid.

The library throws a InvalidRequestError in the two first cases, but when I provide a request body with a duplicated parameter, which translates into a parameter with an array value, it doesn't throw any exception, and as far I understand it should.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions