I'm intrigued by the idea of returning scopes in the 403 response to a resource.
I'll see if we can provide a working example of it.

On Apr 23, 2010, at 5:05 PM, Brian Eaton wrote:

> On Thu, Apr 22, 2010 at 6:11 PM, Manger, James H
> <james.h.man...@team.telstra.com> wrote:
>> We mustn't drop advertisements (details in 401 responses).
>> We mustn't drop the goal of a standard for interoperability.
>
> I share the goals, I just don't think that a specification is the way
> to get there. I think working examples in the wild would help
> enormously.
>
>> Defining a scope field in a 401 response is the novel aspect that “might not
>> actually work”. Allowing a 'scope' query parameter in authz URIs is quite
>> separate.
>
> Yeah, I agree with that analysis.
>
> Though I don't know of any providers that are returning authorization
> URLs in 401 responses right now. That's novel, too.
>
> Cheers,
> Brian
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth