On 2012-04-10 16:03, Alexey Melnikov wrote:
...
2). Section "3.1. Error Codes"
I've suggested to use an IANA registry for this field. Apparently there
is already a registry created by
<http://tools.ietf.org/html/draft-ietf-oauth-v2-23#section-11.4>.
However this document doesn't register values defined in section 3.1
with IANA and doesn't point to draft-ietf-oauth-v2-23 for the registry.
I find this to be very confusing.
...
Speaking of which, how is an error code returned if the HTTP status is
*not* 401?
3.1. Error Codes
When a request fails, the resource server responds using the
appropriate HTTP status code (typically, 400, 401, 403, or 405), and
includes one of the following error codes in the response:
invalid_request
The request is missing a required parameter, includes an
unsupported parameter or parameter value, repeats the same
parameter, uses more than one method for including an access
token, or is otherwise malformed. The resource server SHOULD
respond with the HTTP 400 (Bad Request) status code.
...
Is the assumption that the response body is always application/json in
that case? It might be good to clarify that.
Best regards, Julian
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
