Hi all, another issue that came up in Sean's IESG review was about the encoding of the error / error_description / error_uri in the base and in the bearer specification.
As mentioned in my earlier mail about the registry for the error codes there are three error fields defined in the two specification and the error / error_description / error_uri fields are allowed to appear in different parts of an HTTP message. Depending on where they show up different encoding restrictions apply. For the core specification these error fields may appear in the * body of the HTTP message (encoded in JSON) * parameters to the query component of the redirection URI (using the "application/x-www-form-urlencoded" format) For the bearer specification these error fields appear in the HTTP header. Consequently, http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-19 says 'values for the "error" and "error_description" attributes MUST NOT include characters outside the set %x20-21 / %x23-5B / %x5D-7E.' Now, here is the question. While these errors are essentially copied over from one spec to the other the different encoding restrictions make them different. Do we want different encodings of errors in the two documents? So, I see two options: 1) Leave the encoding as it is. This means the encoding of the error / error_description / error_uri in the two specifications is different. 2) Harmonize the encoding between the two specifications by incorporating the restrictions from the bearer specification into the base specification. Please indicate your preference by the end of next week (18th May 2012). Ciao Hannes _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
