On Fri, Dec 8, 2017 at 11:42 AM, Vladimir Dzhuvinov <vladi...@connect2id.com > wrote:
> Hi, > > I just got a question on Twitter about the slow_down error: > > https://tools.ietf.org/html/draft-ietf-oauth-device-flow-07#section-3.5 > > The question was why slow_down is communicated via HTTP status code 400 > and not 429 (Too Many Requests). > We could, it seems to match the intent of that error code. Main reason it's not like that so far is that 400 is the default for OAuth, I fear people may not be checking for a 429. We don't strictly *need* the 429, since we're returning data in machine readable format one way or another (i.e. it's easy for the client to extract the "slow_down" response either way), which differs from HTML over HTTP which is intended for end-user consumption, making the specific status code more important. What do others think about this? It's a simple change to make. > > Thanks, > > Vladimir > > > On 27/11/17 15:55, Rifaat Shekh-Yusef wrote: > > All, > > > > As discussed in Singapore, we are starting a WGLC for the > > *draft-ietf-oauth-device-flow-07* document, starting today and ending on > > December 11, 2018. > > https://datatracker.ietf.org/doc/draft-ietf-oauth-device-flow/ > > > > Please, review the document and provide feedback on the list. > > > > Regards, > > Rifaat & Hannes > > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > >
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
