Validate the state parameter to prevent CSRF attacks
state
Store secrets securely (confidential clients only)
Implement proper error handling for expired or invalid tokens
openid: Required for OpenID Connect authentication
openid
Add other Make-specific scopes as needed for your application
Common error responses from the token endpoint:
invalid_request
Missing or invalid parameters
invalid_client
Invalid client credentials
invalid_grant
Invalid or expired authorization code
unsupported_grant_type
Grant type not supported
Always check the response status and handle errors appropriately in your application.
Last updated 8 months ago
