On Mon, Nov 14, 2022 at 5:18 PM Dmitry Telegin <dmitryt= 40backbase....@dmarc.ietf.org> wrote:
> > To sum up, my idea is that in cases when we can unambiguously establish > the scheme used, we should include error info into the corresponding > challenge only. In cases of ambiguity, both challenges should be used to > deliver error info. If this make sense, could it be worth covering this > topic in the spec? > Is there some text you could propose that offers guidance along those lines? Probably to go in sec 7.2, which is where multiple authentication schemes are mentioned. Your idea seems like a generally appropriate approach. I don't believe there's necessarily a right or wrong though. Some general guidance could be helpful but I'd be hesitant about going further. -- _CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you._
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
