On Tue, Apr 5, 2011 at 3:51 PM, Eran Hammer-Lahav <e...@hueniverse.com> wrote: > The following is my new proposal, based on Mike Jones’ and my earlier > proposals. It is basically a combination of the two.
Looks good. > This proposal does not allow defining new error codes unless another > extension is involved (new grant type, request parameter, token type). The > reason for not defining an open ended error registry is that defining new > error codes for existing implementations is bad for interoperability and can > lead to unexpected results (developers not taking into account receiving a > new error when talking to a compliant 2.0 server). We don't have any use > cases for defining such new errors for the v2 specification. New errors only > come from extensions and must be defined in that context. Isn't this sentence "Additional error codes used with unregistered extensions MAY be registered." contradicting what you are saying above? It seems to open the door to register error codes not associated with a registered extension. Glad to see this issue solved :-) Marius _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth