Re: [OAUTH-WG] Encoding of Errors in the Base and in the Bearer Spec

Nat Sakimura Wed, 09 May 2012 15:59:40 -0700

+1 for the consistency.

Nat Sakimura


On 2012/05/10, at 0:18, William Mills <wmi...@yahoo-inc.com> wrote:

+1

  ------------------------------
*From:* Mike Jones <michael.jo...@microsoft.com>
*To:* Hannes Tschofenig <hannes.tschofe...@gmx.net>; "oauth@ietf.org WG" <
oauth@ietf.org>
*Sent:* Wednesday, May 9, 2012 3:15 PM
*Subject:* Re: [OAUTH-WG] Encoding of Errors in the Base and in the Bearer
Spec

2) Consistent syntax across both OAuth specs.

                -- Mike

-----Original Message-----
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of
Hannes Tschofenig
Sent: Wednesday, May 09, 2012 3:07 PM
To: oauth@ietf.org WG
Subject: [OAUTH-WG] Encoding of Errors in the Base and in the Bearer Spec

Hi all,

another issue that came up in Sean's IESG review was about the encoding of
the error / error_description / error_uri in the base and in the bearer
specification.

As mentioned in my earlier mail about the registry for the error codes
there are three error fields defined in the two specification and the error
/ error_description / error_uri fields are allowed to appear in different
parts of an HTTP message.
Depending on where they show up different encoding restrictions apply.

For the core specification these error fields may appear in the
* body of the HTTP message (encoded in JSON)
* parameters to the query component of the redirection URI (using the
  "application/x-www-form-urlencoded" format)

For the bearer specification these error fields appear in the HTTP header.
Consequently, http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-19 says
'values for the "error" and "error_description" attributes MUST NOT include
characters outside the set %x20-21 / %x23-5B / %x5D-7E.'

Now, here is the question. While these errors are essentially copied over
from one spec to the other the different encoding restrictions make them
different. Do we want different encodings of errors in the two documents?

So, I see two options:

1) Leave the encoding as it is. This means the encoding of the error /
error_description / error_uri in the two specifications is different.

2) Harmonize the encoding between the two specifications by incorporating
the restrictions from the bearer specification into the base specification.

Please indicate your preference by the end of next week (18th May 2012).

Ciao
Hannes

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth


_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth


  _______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Re: [OAUTH-WG] Encoding of Errors in the Base and in the Bearer Spec

Reply via email to