No. Return 401 with the WWW-Authenticate header.
WWW-Authenticate: OAuth realm="your.server.example.com" EHL On 3/12/09 1:40 PM, "Zhihong" <[email protected]> wrote: OAuth spec uses HTTP 401 (Unauthorized) as error code. We just discovered that our HTTP client logs a warning (missing WWW- Authenticate header) when receiving this status code because it expects HTTP authentication when receiving this code. Considering the special meaning of 401 in HTTP authentication, would it be better to use 403 (Forbidden) instead? --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
