Hi,

Section 2.2 (Revocation Response) of draft-ietf-oauth-revocation-09 states:

   The authorization server responds with HTTP status code 200 if the
   token has been revoked sucessfully or if the client submitted an
   invalid token.  The content of the response body does not matter as
   all information is conveyed in the response code.

Am I just missing it, or does the draft not define the response code(s)?

Also, it seems a bit strange to return a 200 in response to an invalid token.  
200 implies that the request has succeeded, which should not be the case in an 
error condition (invalid token).

Also (small typo) ... there should be two c's in successfully.

adam
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth