On Tue, Apr 5, 2011 at 3:51 PM, Eran Hammer-Lahav <e...@hueniverse.com> wrote:
> The following is my new proposal, based on Mike Jones’ and my earlier
> proposals. It is basically a combination of the two.

Looks good.


> This proposal does not allow defining new error codes unless another
> extension is involved (new grant type, request parameter, token type). The
> reason for not defining an open ended error registry is that defining new
> error codes for existing implementations is bad for interoperability and can
> lead to unexpected results (developers not taking into account receiving a
> new error when talking to a compliant 2.0 server). We don't have any use
> cases for defining such new errors for the v2 specification. New errors only
> come from extensions and must be defined in that context.

Isn't this sentence "Additional error codes used with unregistered
extensions MAY be registered." contradicting what you are saying
above? It seems to open the door to register error codes not
associated with a registered extension.


Glad to see this issue solved :-)

Marius
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Reply via email to