Thank you very much. It is the specification for token_type=bearer but really useful. I'm ashamed of having forgotten the content of RFC 6750 although I had read it once before.
Best Regards,
Takahiko Kawasaki

2014-07-30 21:23 GMT+09:00 Brian Campbell <bcampb...@pingidentity.com>:
> Take a look at RFC 6750 "The OAuth 2.0 Authorization Framework: Bearer
> Token Usage" - particularly section 3:
> http://tools.ietf.org/html/rfc6750#section-3 which describes using the
> "WWW-Authenticate" response header field in response to a request with
> an invalid/insufficient/missing/etc token.
>
> On Tue, Jul 29, 2014 at 8:10 PM, Takahiko Kawasaki <daru...@gmail.com> wrote:
>> Hello,
>>
>> I have a question. Is there any standardized specification about
>> error responses from protected resource endpoints?
>>
>> "RFC 6749, 7.2. Error Response" says "the specifics of such error
>> responses are beyond the scope of this specification", but I'm
>> wondering if OAuth WG has done something for that.
>>
>> From error responses, I'd like to know information about:
>>
>> (1) Usability (active or expired? (or not exist?))
>> (2) Refreshability (associated usable refresh token exists?)
>> (3) Sufficiency (usable but lacking necessary permissions?)
>>
>> For example, I'm expecting an error response like below with
>> "400 Bad Request" or "403 Forbidden".
>>
>> {
>>   "error":"...",
>>   "error_description":"...",
>>   "error_uri":"...",
>>   "usable": true,
>>   "refreshable": true,
>>   "sufficient": false
>> }
>>
>>
>> Best Regards,
>> Takahiko Kawasaki
>>
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
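
Added example, not part of the original thread or of any poster's code: a sketch of the RFC 6750 section 3 behaviour referred to above, with a resource-server helper that builds the "WWW-Authenticate" challenge and a client helper that reads it back. The function names, the realm "example" and the sample values are assumptions made for illustration.

```python
import re

# RFC 6750 section 3.1: error code -> HTTP status the resource server should use.
STATUS = {"invalid_request": 400, "invalid_token": 401, "insufficient_scope": 403}
# RFC 6750 section 3: attribute values exclude '"', '\' and control characters.
SAFE_VALUE = re.compile(r'[\x20-\x21\x23-\x5B\x5D-\x7E]*')
# Matches the quoted name="value" form that bearer_challenge() emits.
PARAM = re.compile(r'([A-Za-z_]+)="([^"]*)"')


def bearer_challenge(error=None, description=None, scope=None, realm="example"):
    """Return (status, WWW-Authenticate value) for a failed resource request."""
    if error is not None and error not in STATUS:
        raise ValueError(f"not an RFC 6750 error code: {error}")
    params = [("realm", realm)]
    if error is not None:
        # A request with no credentials at all (error is None) gets a bare
        # challenge: 401 and no error code or description.
        optional = (("error", error), ("error_description", description),
                    ("scope", scope))
        params += [(k, v) for k, v in optional if v is not None]
    for name, value in params:
        # fullmatch rejects quotes and CR/LF, so caller-supplied text cannot
        # close the quoted string or start a second header line.
        if not SAFE_VALUE.fullmatch(value):
            raise ValueError(f"illegal character in {name}")
    header = "Bearer " + ", ".join(f'{k}="{v}"' for k, v in params)
    return STATUS.get(error, 401), header


def parse_bearer_challenge(header):
    """Client side: return the challenge attributes, or None if not Bearer."""
    scheme, _, rest = header.partition(" ")
    if scheme.lower() != "bearer":
        return None
    return dict(PARAM.findall(rest))


if __name__ == "__main__":
    # Constructed sample: token is valid but lacks the "write" scope.
    status, value = bearer_challenge("insufficient_scope",
                                     "needs write access", "write")
    print(status, value)
    print(parse_bearer_challenge(value))
```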