Add clarification about how to inform the resource owner without redi…

…rection
camaraproject · Oct 23, 2024 · 8896ce8 · 8896ce8
1 parent 2b429dc
commit 8896ce8
Showing 1 changed file with 1 addition and 3 deletions.
diff --git a/documentation/CAMARA-Security-Interoperability.md b/documentation/CAMARA-Security-Interoperability.md
@@ -302,9 +302,7 @@ This section describes the error responses that the Authorization Server MUST re
 
 #### Authorization Code Flow
 
-If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid,
-the authorization server MUST NOT automatically redirect the user-agent and SHOULD inform the resource owner of the
-error.
+If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server MUST NOT automatically redirect the user-agent and SHOULD inform the resource owner of the error. For instance, the authorization server MAY display a message to the user describing the problem.
 
 In other cases, the authorization server redirects the user-agent to the provided client redirection URI using the HTTP status code `302-Found` and includes the following `error` code parameter within the response: