On 09.05.2011 18:49, Eran Hammer-Lahav wrote:
...
The OAuth WG is seeking guidance on the following questions:

1. Should the WG define a general purpose method for returning errors with a 
401 WWW-Authenticate headers, including a cross-scheme error code registry?
...

Not sure. Are there error conditions servers *want* to reveal, and which also have interoperable implications for clients across authentication schemes? That is, can they really be re-used?

If that's the case, a standalone document defining these parameters, with an easy way for new schemes to include these params would make sense.

...
[2] http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-04
...

That being said, here are a few comments about the aforementioned spec.

   error           = "error" "=" quoted-string
   error-desc      = "error_description" "=" quoted-string
   error-uri       = "error_uri" = <"> URI-reference <">

This probably should be

   error           = "error" "=" quoted-string
   error-desc      = "error_description" "=" quoted-string
   error-uri       = "error_uri" "=" DQUOTE URI-reference DQUOTE

(missing quotes around the "=", and also please avoid prose productions).

Also, you do seem to ignore I18N issues with the error_description. What's the encoding?

(and, as a matter of taste, I'd prefer hyphens instead of underscores in parameter names...).

Best regards, Julian
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
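
The encoding question raised in the message, as an added example (not part of the original message or of the draft): Python code that reads the parameters as quoted-strings, as the corrected grammar requires, and reports when the error_description bytes decode differently as ISO-8859-1 and as UTF-8. The function names and the sample header are constructed for illustration, and the error_uri check is a character-level check, not a full URI-reference parse.

```python
import re

# auth-param with a quoted-string value:
#   token "=" DQUOTE *( qdtext / quoted-pair ) DQUOTE
_AUTH_PARAM = re.compile(rb'([A-Za-z0-9_-]+)\s*=\s*"((?:[^"\\]|\\.)*)"', re.DOTALL)
_QUOTED_PAIR = re.compile(rb'\\(.)', re.DOTALL)
# Octets that can never appear literally in a URI-reference (RFC 3986).
_NOT_URI = re.compile(rb'[\x00-\x20"<>\\^`{|}\x7f-\xff]')

# Constructed sample: the description is "Jeton expiré" sent as UTF-8 octets.
SAMPLE = (b'Bearer realm="example", error="invalid_token", '
          b'error_description="Jeton expir\xc3\xa9", '
          b'error_uri="https://example.com/err?id=1"')


def parse_challenge(value: bytes) -> dict:
    """Split one challenge into its scheme and raw, still undecoded, parameters."""
    scheme, _, rest = value.strip().partition(b" ")
    params = {}
    for name, raw in _AUTH_PARAM.findall(rest):
        # Parameter names are case-insensitive; values stay as bytes on purpose.
        params[name.decode("ascii").lower()] = _QUOTED_PAIR.sub(rb"\1", raw)
    return {"scheme": scheme.decode("ascii"), "params": params}


def check_error_params(params: dict) -> list:
    """Return findings for error_description and error_uri."""
    findings = []
    desc = params.get("error_description")
    if desc is not None and any(b < 0x20 or b > 0x7E for b in desc):
        latin1 = desc.decode("iso-8859-1")      # never fails, may be mojibake
        try:
            utf8 = desc.decode("utf-8")
        except UnicodeDecodeError:
            utf8 = None
        if utf8 != latin1:
            # Same octets, two readings: the client cannot know which is meant.
            findings.append(("error_description", "ambiguous-encoding", latin1, utf8))
    uri = params.get("error_uri")
    if uri is not None and _NOT_URI.search(uri):
        findings.append(("error_uri", "not-a-uri-reference"))
    return findings


if __name__ == "__main__":
    for finding in check_error_params(parse_challenge(SAMPLE)["params"]):
        print(finding)
```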
