400 (Http Bad Request)
All of the cases listed below are client errors: the call was used incorrectly, which might indicate a bug in the code. Handle them by showing the user an error and a "try later or reach the support" message.
- No client_id submitted.
- Submitted client_id invalid.
- No refresh_token submitted.
- Submitted refresh_token empty.
- Submitted contractAccount_id invalid.
- Submitted developerAccount_id invalid.
- Submitted organization_id invalid.
- Only one of contractAccount_id, developerAccount_id or organization_id can be submitted.
403 (Http Forbidden)
For all of the cases listed below, remove the refresh token, get a new one and retry the request for the accessToken. If no refreshToken can be fetched, the user is logged out (a redirect to login might be worth a try).
- Submitted refresh_token invalid. (e.g. expiry date reached, invalid certificate, user does not exist anymore, token data was changed afterwards, or user password/email was changed)
- Submitted token is no refresh_token. (Submitted refresh_token is not type "refresh".)
- Submitted client_id invalid. (wrong client-id or does not match refresh-token-sub)
- Submitted refresh_token is expired, because of intermittent user logout.
- Submitted client_id invalid, only modules allowed. (at mode=appointment)
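The handling described for 400 and 403 can be written as a single client-side routine. This is an added example, not code from the original documentation: `send`, `store`, `fetch_refresh_token` and `Result` are hypothetical names, and the 200 status with an `accessToken` field in the response body is an assumed success shape.

```python
from dataclasses import dataclass
from typing import Callable, Optional, Tuple

# The three mutually exclusive ids named in the 400 list.
SCOPE_KEYS = ("contractAccount_id", "developerAccount_id", "organization_id")

@dataclass
class Result:
    action: str                      # "ok", "show_error" or "logout"
    access_token: Optional[str] = None

def get_access_token(send: Callable[[dict], Tuple[int, dict]], store: dict,
                     fetch_refresh_token: Callable[[], Optional[str]],
                     client_id: str, scope: Optional[dict] = None,
                     max_retries: int = 1) -> Result:
    scope = scope or {}
    # Mirror the 400 cases locally so a caller bug surfaces before the request.
    if not client_id or len(scope) > 1 or any(k not in SCOPE_KEYS for k in scope):
        return Result("show_error")
    for _ in range(max_retries + 1):
        token = store.get("refresh_token")
        if not token:
            token = fetch_refresh_token()
            if not token:
                return Result("logout")          # no refresh token obtainable
            store["refresh_token"] = token
        status, body = send({"client_id": client_id, "refresh_token": token, **scope})
        if status == 200:                        # assumed success status and field
            return Result("ok", body["accessToken"])
        if status == 403:
            store.pop("refresh_token", None)     # never reuse a rejected token
            continue
        return Result("show_error")              # 400 or unexpected: do not retry
    return Result("logout")                      # retry budget spent on 403s
```

The retry is bounded so that a refresh token the server keeps rejecting ends in a logout instead of a request loop.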