:*Lodderstedt, Torsten [mailto:t.lodderst...@telekom.de]
*Sent:* Thursday, June 30, 2011 6:38 AM
*To:* Eran Hammer-Lahav; George Fletcher; oauth@ietf.org
*Subject:* AW: [OAUTH-WG] Resource Owner Password Credentials
question/feedback
Issuing a refresh token is more a function of the access grant
[mailto:gffle...@aol.com]
Gesendet: Dienstag, 28. Juni 2011 17:47
An: oauth@ietf.org
Betreff: [OAUTH-WG] Resource Owner Password Credentials question/feedback
I'm working on spec'ing out a use of the Resource Owner Password Credentials
flow and in trying to map out possible error cases, realized
(based on user
approval and policy).
EHL
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of
Lodderstedt, Torsten
Sent: Thursday, June 30, 2011 1:10 AM
To: George Fletcher; oauth@ietf.org
Subject: Re: [OAUTH-WG] Resource Owner Password Credentials question/feedback
No exactly
.
Von: George Fletcher [mailto:gffle...@aol.com]mailto:[mailto:gffle...@aol.com]
Gesendet: Dienstag, 28. Juni 2011 17:47
An: oauth@ietf.orgmailto:oauth@ietf.org
Betreff: [OAUTH-WG] Resource Owner Password Credentials question/feedback
I'm working on spec'ing out a use of the Resource Owner Password
AM
To: Eran Hammer-Lahav; George Fletcher; oauth@ietf.org
Subject: AW: [OAUTH-WG] Resource Owner Password Credentials question/feedback
Issuing a refresh token is more a function of the access grant duration than
anything else.
Agreed. How shall the user influence this duration? There is no direct
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 2011-06-28 18:05, Brian Campbell wrote:
invalid_grant seems like the appropriate error as the username and
password are the grant in the context of the Resource Owner Password
Credentials flow/grant type.
What should the HTTP status code be?
I'm working on spec'ing out a use of the Resource Owner Password
Credentials flow and in trying to map out possible error cases, realized
that there is no good error for the case that the resource owner's
password credentials are invalid. Section 4.3 of draft 16 references
section 5.2 for
invalid_grant seems like the appropriate error as the username and
password are the grant in the context of the Resource Owner Password
Credentials flow/grant type.
On Tue, Jun 28, 2011 at 9:47 AM, George Fletcher gffle...@aol.com wrote:
I'm working on spec'ing out a use of the Resource Owner
Yep. Invalid grant is the right error code.
EHL
-Original Message-
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf
Of Brian Campbell
Sent: Tuesday, June 28, 2011 9:05 AM
To: George Fletcher
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] Resource Owner Password