On Mon, Apr 19, 2010 at 8:03 PM, Marius Scurtescu <[email protected]>wrote:

> Hi Eran,
>
> The spec looks really good, thanks for all the work you put into it.
>
> I think it was a good idea to remove the 401 responses and use only 400.
>
>
In WRAP we had used 401s when the client credentials were invalid and 400
when the parameters were invalid in an attempt to stick with HTTP error
codes.

I agree that is is better to consistently return 400 and an optional error
parameter that provides more clarity to the developer on what caused the
error.

-- Dick
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth

Reply via email to