I don't have an opinion on this. On this matter, I simply follow consensus. If you feel strong about an expired error value, just ask for it to be put back in and we can negotiate the language. That's all it takes. But keep in mind we are at the end of the process so if you want it back, we need to do it in -12 which is coming this week.
EHL > -----Original Message----- > From: Paul Walker [mailto:catch-...@paulwalker.tv] > Sent: Sunday, January 09, 2011 12:59 AM > To: Eran Hammer-Lahav > Cc: OAuth WG > Subject: Re: [OAUTH-WG] expired access token : deserves unique code? > > Brian, Eran, et all > > I don't understand the need to discard relevant data while the authorization > between end user and provider are valid. > > > On Jan 7, 2011, at 11:10 PM, Eran Hammer-Lahav wrote: > > > http://www.ietf.org/mail-archive/web/oauth/current/msg03734.html > > > > > >> -----Original Message----- > >> From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On > >> Behalf Of Paul Walker > >> Sent: Friday, January 07, 2011 4:53 PM > >> To: OAuth WG > >> Subject: [OAUTH-WG] expired access token : deserves unique code? > >> > >> As far as I can tell (which isn't very far on many Friday > >> afternoons), there is no way for a client to distinguish an expired > >> access token from a revoked, malformed, etc token as the > >> invalid_token error parameter value encompasses multiple scenarios. > >> Of course, a client could parse the error_description, but this is an > >> optional parameter with no guaranty of a common value among > providers. > >> > >> Given that the client would want to make an explicit decision to > >> request another access token using a refresh token (if available), > >> would it not benefit clients if a specific error parameter value was > >> defined > for this scenario? > >> > >> _______________________________________________ > >> OAuth mailing list > >> OAuth@ietf.org > >> https://www.ietf.org/mailman/listinfo/oauth > > _______________________________________________ > > OAuth mailing list > > OAuth@ietf.org > > https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
