> -----Original Message-----
> From: Marcus Better [mailto:mar...@better.se]
> Sent: Wednesday, 29 June 2011 11:58
> To: oauth@ietf.org
> Subject: Re: [OAUTH-WG] Resource Owner Password Credentials
> question/feedback
>
> On 2011-06-28 18:05, Brian Campbell wrote:
> > invalid_grant seems like the appropriate error as the username and
> > password are the grant in the context of the Resource Owner Password
> > Credentials flow/grant type.
>
> What should the HTTP status code be? The spec seems to indicate 400, but
> I would think 401 would be appropriate?

401 would be the correct status code if OAuth used HTTP authentication for the authentication of the resource owner. But it doesn't. Instead, HTTP authentication (BASIC) is used to authenticate the OAuth client, whereas the resource owner's credentials are passed via request parameters.

regards,
Torsten.

>
> Cheers,
>
> Marcus
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
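The distinction drawn in the reply above, as an added example that is not part of the original thread: a token endpoint sketch for the password grant that answers 401 only when the HTTP Basic client authentication fails, and 400 `invalid_grant` when the resource owner's username and password (request parameters) are wrong. The function names, sample credentials and realm are hypothetical; the 401 with `WWW-Authenticate` for failed client authentication follows RFC 6749 section 5.2.

```python
import base64
import hmac
import json

# Constructed sample credentials (assumptions, not from the thread).
CLIENTS = {"demo-client": "client-secret"}
USERS = {"alice": "correct horse"}


def _check(store, name, secret):
    """Constant-time secret comparison; unknown names fail the same way."""
    expected = store.get(name, "")
    ok = hmac.compare_digest(expected.encode(), secret.encode())
    return ok and name in store


def _parse_basic(header):
    """Return (client_id, client_secret) from a Basic header, or None."""
    scheme, _, blob = (header or "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        user, sep, pwd = base64.b64decode(blob, validate=True).decode().partition(":")
    except ValueError:  # bad base64 or non-UTF-8 bytes
        return None
    return (user, pwd) if sep else None


def token_response(authorization, form):
    """Return (status, headers, body) for a password-grant token request."""
    def error(status, code, extra=None):
        headers = {"Cache-Control": "no-store", **(extra or {})}
        return status, headers, json.dumps({"error": code})

    # 1. The client authenticates with HTTP Basic, so a failure here is an
    #    HTTP authentication failure: 401 plus a WWW-Authenticate challenge.
    client = _parse_basic(authorization)
    if client is None or not _check(CLIENTS, *client):
        return error(401, "invalid_client", {"WWW-Authenticate": 'Basic realm="token"'})
    if form.get("grant_type") != "password":
        return error(400, "unsupported_grant_type")
    # 2. The resource owner's credentials are request parameters, i.e. the
    #    grant itself. A bad grant is a bad request: 400, no challenge.
    if not _check(USERS, form.get("username", ""), form.get("password", "")):
        return error(400, "invalid_grant")
    return 200, {"Cache-Control": "no-store"}, json.dumps(
        {"access_token": "constructed-token", "token_type": "bearer"})
```
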