> -----Original Message----- > From: Justin Richer [mailto:[email protected]] > Sent: Tuesday, March 15, 2011 2:38 PM
> Having a standard set of oauth errors on the protected > resource is a good idea. That said: Not practical. Given the wide range of token types and schemes, each will have to define its own way of handling errors. For example, MAC uses HTTP codes because the error codes were a direct map and defining extra values was simply wasteful. Bearer takes a different approach. No value in forcing a unified scheme approach here. > Like I said in a previous email, I'm happy with it being a uri-based > extension, > like grant_type. Great. > I still think there's value in structuring what the short codes are It's just a pre-defined, non-extensible set. Anything else is a URI, just like grant type. Exactly the same. > I disagree that the errors are all about the client being able to > automatically > do something about them -- they're just as useful to push up the stack to > developers. For that we have two human readable error fields. EHL _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
