Best practices and error handling
Last updated
Validate the state parameter to prevent CSRF attacks
Store secrets securely (confidential clients only)
Implement proper error handling for expired or invalid tokens
openid: Required for OpenID Connect authentication
Add other Make-specific scopes as needed for your application
Common error responses from the token endpoint:
invalid_request
Missing or invalid parameters
invalid_client
Invalid client credentials
invalid_grant
Invalid or expired authorization code
unsupported_grant_type
Grant type not supported
Always check the response status and handle errors appropriately in your application.
Last updated