On 2/4/13 3:41 PM, Richer, Justin P. wrote:
On Feb 3, 2013, at 8:01 AM, Torsten Lodderstedt <tors...@lodderstedt.net> wrote:

- invalid_token error code: I propose to use the new error code
"invalid_parameter" (as suggested by Peter and George). I don't see the need to
register it (see http://www.ietf.org/mail-archive/web/oauth/current/msg10604.html) but
would like to get your advice.

something more like "invalid_token_parameter" would maybe make sense, since it's not just
*any* parameter, it's the special "token" parameter that we're talking about, but it's
distinct from the invalid_token response. The introspection endpoint uses the same pattern of a
token= parameter, but since the whole point of the introspection endpoint is determining token
validity it doesn't actually throw an error here.

I agree that it doesn't need to be registered (since it's on a different
endpoint).

For what it's worth, my thinking was that if we have an
'invalid_parameter' error, then the description can define which
parameter is invalid. I don't think we should create a bunch of specific
error values that are endpoint-specific and could overlap, which is where
the whole error return value started.

Thanks,
George