Hi
On 23/05/13 21:57, Lewis Adam-CAL022 wrote:
Hi,

Section 2.2 (Revocation Response) of draft-ietf-oauth-revocation-09 states:

    The authorization server responds with HTTP status code 200 if the
    token has been revoked sucessfully or if the client submitted an
    invalid token.  The content of the response body does not matter as
    all information is conveyed in the response code.

Am I just missing it, or does the draft not define the response code(s)?

Also, it seems a bit strange to return a 200 in response to an invalid
token.  200 implies that the request has succeeded, which should not be
the case in an error condition (invalid token).

As far as I recall, it was done to prevent rogue clients from figuring out where they failed; I asked whether it was something that should now apply to other similar cases, but did not get any feedback.

Cheers, Sergey

Also (small typo) … there should be two c’s in successfully.

adam



_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
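The response rule quoted from Section 2.2, as an added sketch that is not part of the thread or the draft: a revocation handler that answers 200 with an empty body whether the token was revoked, already revoked or never valid, so the response gives a probing client nothing to distinguish. The client table, token store, function names, the 401 on failed client authentication and the handling of another client's token are assumptions of this example.

```python
import hmac

# Constructed sample data: client secrets and issued tokens.
CLIENTS = {"client-a": "s3cret-a", "client-b": "s3cret-b"}
TOKENS = {
    "tok-a-1": {"client": "client-a", "active": True},
    "tok-b-1": {"client": "client-b", "active": True},
}


def authenticate(client_id, client_secret):
    """Constant-time check of the client's credentials (hypothetical helper)."""
    expected = CLIENTS.get(client_id)
    if expected is None:
        # Compare against a dummy so unknown clients take the same code path.
        hmac.compare_digest(client_secret.encode(), b"dummy")
        return False
    return hmac.compare_digest(client_secret.encode(), expected.encode())


def revoke(client_id, client_secret, token):
    """Return (status, body) for a revocation request."""
    if not authenticate(client_id, client_secret):
        # Assumption: a failed client authentication is reported as an error.
        return 401, '{"error":"invalid_client"}'
    record = TOKENS.get(token)
    # Revoke only a token issued to the caller. Assumption of this sketch:
    # another client's token is left untouched and answered like an unknown one.
    if record is not None and record["client"] == client_id:
        record["active"] = False
    # Same status and same empty body whether the token was revoked,
    # already revoked, unknown or malformed.
    return 200, ""
```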

