That's an interesting and informative RFC, but it recommends using the 500 response code for all errors (unless I'm misreading). Errors due to incorrect input should be 4xx.
On Mon, Mar 22, 2010 at 10:02 PM, Richard Barnes <rbar...@bbn.com> wrote: > In case it's helpful, BCP 56 / RFC 3205 provides recommendations for using > HTTP as a substrate for other protocols: > > <https://tools.ietf.org/html/bcp56> > ... in particular with respect to status codes: > > <https://tools.ietf.org/html/bcp56#section-8> > > It's worth thinking about how that document applies to OAuth, since the > goal here isn't really necessariliy to use HTTP as a substrate, but rather > to extend HTTP in certain ways. > > --Richard > > > > > On Mar 22, 2010, at 10:56 AM, David Recordon wrote: > > In drafting OAuth 2.0 I removed a lot of the error codes throughout >> the flows and in this draft encouraged people to use HTTP status codes >> (like 1.0a does). I've heard the feedback from multiple people that >> they'd like more specific error codes than what can be expressed in >> HTTP. I'd like to use this thread – or ideally a wiki page that >> someone creates – to build consensus around the error codes needed >> throughout protocol responses. >> >> Is someone willing to take the lead on this? http://wiki.oauth.net/ >> should be easy enough to create a new page on. >> >> Thanks, >> --David >> _______________________________________________ >> OAuth mailing list >> OAuth@ietf.org >> https://www.ietf.org/mailman/listinfo/oauth >> > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth >
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
