Why do we need invalid_token as an error code at all? To me it only introduces
a way to get information about tokens. Invalid parameter I can see as a use
case, but if the token is invalid just return 200/OK because there is nothing
to do.
-bill
________________________________
From: Torsten Lodderstedt <tors...@lodderstedt.net>
To: OAuth WG <oauth@ietf.org>
Sent: Sunday, February 3, 2013 5:01 AM
Subject: [OAUTH-WG] draft-ietf-oauth-revocation
Hi all,
before I publish a new revision of the draft, I would like to sort out the
following issues and would like to ask you for your feedback.
- Authorization vs. access grant vs. authorization grant: I propose to use
"authorization grant".
- invalid_token error code: I propose to use the new error code
"invalid_parameter" (as suggested by Peter and George). I don't see the need to
register it (see
http://www.ietf.org/mail-archive/web/oauth/current/msg10604.html) but would
like to get your advice.
- Donald F. Coffin raised the need for a token_type parameter to the revocation
request. Shall we re-consider this topic?
best regards,
Torsten.
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
