Best practices and error handling
Security best practices
Validate the state parameter to prevent CSRF attacks
Store secrets securely (confidential clients only)
Implement proper error handling for expired or invalid tokens
Common scopes
openid: Required for OpenID Connect authentication
Add other Make-specific scopes as needed for your application
Error handling
Common error responses from the token endpoint:
| Error | Description |
| --- | --- |
| invalid_request | Missing or invalid parameters |
| invalid_client | Invalid client credentials |
| invalid_grant | Invalid or expired authorization code |
| unsupported_grant_type | Grant type not supported |
Always check the response status and handle errors appropriately in your application.