-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 8/27/09 4:52 PM, Doug Kaye wrote: > Thanks, Leah. > > And how about for a non-matching Verifier? Should it be: > > 401 Invalid Verifier > > I only brought this up because it seems that other specific invalid > objects (keys, tokens, signatures, nonces) have explicit strings in > the spec but that didn't seem to be the case for timestamps and > verifiers.
http://wiki.oauth.net/ProblemReporting has: verifier_invalid: the oauth_verifier is incorrect. timestamp_refused: the oauth_timestamp value is unacceptable to the Service Provider. In this case, the response SHOULD also contain an oauth_acceptable_timestamps parameter... > Something to add to the spec in the next draft or update. IMHO this will go in the Internet-Draft. See the discussion in this thread: http://www.ietf.org/mail-archive/web/oauth/current/msg00237.html Peter - -- Peter Saint-Andre https://stpeter.im/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkqXOtUACgkQNL8k5A2w/vyELQCg+SgHpgfI3J2M6myC7Rhnt36K 9YgAoIc/5t5nu7YoKR8XGROQb+YA/9oR =PeG8 -----END PGP SIGNATURE----- --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to oauth@googlegroups.com To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---