-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 http://wiki.oauth.net/ProblemReporting has timestamp_refused (and also verifier_invalid), but it unclear about the mapping between those more specific conditions and the generic HTTP conditions. IMHO this needs to be clarified in draft-ietf-oauth-authentication as the specs are worked on in the Oauth WG:
http://tools.ietf.org/html/draft-ietf-oauth-authentication-01 http://tools.ietf.org/wg/oauth/ Peter On 8/22/09 10:24 PM, Doug Kaye wrote: > Same question for bad timestamps. The spec (paragraph 10) says > timestamps must be >= previous timestamps but there's no HTTP 400/401 > string for this. > > On Aug 22, 7:59 pm, Doug Kaye <[email protected]> wrote: >> Spec 6.3.2 (service provider processing of access token request) says >> to return an HTTP error if the oauth_verifier is bad. But Spec >> paragraph 10 indicates neither whether a 400 or 401 should be returned >> nor an appropriate text string. What is expected? -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkqW3lcACgkQNL8k5A2w/vzemgCfdD+U1bGQsvbbph7bG/hLDVhW 8PwAoLWDCJpvUPzVbvXplUtXsU+qel9n =an20 -----END PGP SIGNATURE----- --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
