On 2011-05-19 19:47, Kris Selden wrote:
I totally missed the error_description in the WWW-Authenticate header in the bearer spec. I'm not sure why the human readable error description is not in the response body on a 401 but I assume there is a reason.
Dunno.
Is what you were proposing only apply to error_description when in HTTP headers?
Yes.
...
BR, Julian _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth