I'm dropping it from MAC. EHL
> -----Original Message----- > From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf > Of Andrew Wooster > Sent: Friday, May 20, 2011 8:42 PM > To: Julian Reschke > Cc: Kris Selden; OAuth WG > Subject: Re: [OAUTH-WG] Language encoding in error_description > > On May 19, 2011, at 10:52 AM, Julian Reschke wrote: > > On 2011-05-19 19:47, Kris Selden wrote: > >> I totally missed the error_description in the WWW-Authenticate header in > the bearer spec. I'm not sure why the human readable error description is > not in the response body on a 401 but I assume there is a reason. > > > > Dunno. > > > >> Is what you were proposing only apply to error_description when in HTTP > headers? > > > > Yes. > > That seems bad. Human readable text isn't something that should be put into > an HTTP header. > > The MAC spec has the same problem, in section 4.1. > > These should be brought in line with the OAuth v2 spec, which specifies the > human readable error descriptions going in the body. > > -Andrew > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
