What HTTP client do you use?

EHL

On 3/12/09 4:30 PM, "Zhihong" <[email protected]> wrote:

I added WWW-Authenticate but now it complains unknown scheme. I disabled the HTTP auth and the warnings went away.

I am new to OAuth and don't know the reason behind using 401. I just don't see the benefits of overloading HTTP authentication mechanism.

Thanks!

Zhihong

On Mar 12, 7:27 pm, Eran Hammer-Lahav <[email protected]> wrote:
> No.
>
> Return 401 with the WWW-Authenticate header.
>
> WWW-Authenticate: OAuth realm="your.server.example.com"
>
> EHL
>
> On 3/12/09 1:40 PM, "Zhihong" <[email protected]> wrote:
>
> OAuth spec uses HTTP 401 (Unauthorized) as error code. We just
> discovered that our HTTP client logs a warning (missing
> WWW-Authenticate header) when receiving this status code because it
> expects HTTP authentication when receiving this code.
>
> Considering the special meaning of 401 in HTTP authentication, would
> it be better to use 403 (Forbidden) instead?
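The exchange discussed in this thread, as an added example that is not part of the original messages: a server-side helper that emits the 401 with the `OAuth` challenge, and a client-side check that distinguishes the two conditions reported above (missing `WWW-Authenticate`, and a scheme the client does not recognise). The function names and the `KNOWN_SCHEMES` set are hypothetical, and the parser assumes a single challenge per header value.

```python
import re

# One auth-param: token "=" ( quoted-string | token ), optionally followed by a comma.
_PARAM = re.compile(
    r'\s*([\w!#$%&*+.^`|~-]+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,"]+))\s*(?:,|$)'
)

# Assumption: the schemes this hypothetical client knows how to handle.
KNOWN_SCHEMES = {"basic", "digest", "oauth"}


def oauth_challenge(realm):
    """Server side: status and header for a protected-resource rejection."""
    escaped = realm.replace("\\", "\\\\").replace('"', '\\"')
    return 401, {"WWW-Authenticate": 'OAuth realm="%s"' % escaped}


def parse_challenge(header_value):
    """Client side: split one challenge into (scheme, {param: value})."""
    scheme, _, rest = header_value.strip().partition(" ")
    if not scheme:
        raise ValueError("empty challenge")
    rest = rest.strip()
    params, pos = {}, 0
    while pos < len(rest):
        m = _PARAM.match(rest, pos)
        if m is None:
            raise ValueError("malformed auth-param at offset %d" % pos)
        quoted, bare = m.group(2), m.group(3)
        # Undo backslash escapes inside a quoted-string value.
        value = re.sub(r"\\(.)", r"\1", quoted) if quoted is not None else bare
        params[m.group(1).lower()] = value
        pos = m.end()
    return scheme, params


def classify_401(headers):
    """Report how a client would treat a 401 response with these headers."""
    value = headers.get("WWW-Authenticate")
    if value is None:
        return "missing-challenge"   # the first warning in the thread
    scheme, params = parse_challenge(value)
    if scheme.lower() not in KNOWN_SCHEMES:
        return "unknown-scheme"      # the second complaint in the thread
    return "challenge:%s realm=%s" % (scheme, params.get("realm"))
```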
