On Mon, Apr 19, 2010 at 8:03 PM, Marius Scurtescu <[email protected]>wrote:
> Hi Eran, > > The spec looks really good, thanks for all the work you put into it. > > I think it was a good idea to remove the 401 responses and use only 400. > > In WRAP we had used 401s when the client credentials were invalid and 400 when the parameters were invalid in an attempt to stick with HTTP error codes. I agree that is is better to consistently return 400 and an optional error parameter that provides more clarity to the developer on what caused the error. -- Dick
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
