William, I will start working on the write-up soon.
Regards, Rifaat On Tue, Jan 2, 2018 at 4:07 PM, William Denniss <wdenn...@google.com> wrote: > > On Fri, Dec 15, 2017 at 11:12 PM, Vladimir Dzhuvinov < > vladi...@connect2id.com> wrote: > >> On 15/12/17 00:43, William Denniss wrote: >> > On Fri, Dec 8, 2017 at 11:42 AM, Vladimir Dzhuvinov < >> vladi...@connect2id.com >> >> wrote: >> >> Hi, >> >> >> >> I just got a question on Twitter about the slow_down error: >> >> >> >> https://tools.ietf.org/html/draft-ietf-oauth-device-flow-07# >> section-3.5 >> >> >> >> The question was why slow_down is communicated via HTTP status code 400 >> >> and not 429 (Too Many Requests). >> >> >> > We could, it seems to match the intent of that error code. Main reason >> it's >> > not like that so far is that 400 is the default for OAuth, I fear people >> > may not be checking for a 429. We don't strictly *need* the 429, since >> > we're returning data in machine readable format one way or another (i.e. >> > it's easy for the client to extract the "slow_down" response either >> way), >> > which differs from HTML over HTTP which is intended for end-user >> > consumption, making the specific status code more important. >> Yes, on a 400 clients will need to check the error JSON object anyway, >> so the "slow_down" cannot be missed. Whereas with 429 that becomes more >> likely. >> >> +1 to return "slow_down" with status 400 as it is with the other OAuth >> error codes. >> > > Thanks for considering this Vladimir. To conclude this topic, it seems > there are no compelling reasons to change to the 429, and a reasonable > explanation of why it's a 400, so I think we should keep things as-is. > > Rifaat: The deadline has passed on the WGLC, and I believe all comments > raised have been addressed. Can we now advance the draft? > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > >
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
