'invalid_grant'. Added (e.g.) to the error code to make it more explicit.

EHL

> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf
> Of Colm Divilly
> Sent: Tuesday, September 13, 2011 9:08 AM
> To: [email protected]
> Subject: [OAUTH-WG] Section 4.3. Resource Owner Password Credentials:
> Invalid Credentials Error Handling
>
> Apologies if this has been covered before, a cursory search of the archives
> and issue tracker didn't turn up anything.
>
> What is the expected error response when performing a Resource Owner
> Password Credentials flow, if the resource owner provides incorrect
> credentials?
>
> From reading the spec it looks like the expectation is that a response like
> the following should be generated:
>
> HTTP/1.1 400 Bad Request
> Content-Type: application/json;charset=UTF-8
> Cache-Control: no-store
> Pragma: no-cache
>
> {
>   "error":"invalid_request"
> }
>
> Which is not terribly helpful for a user-agent trying to determine that it is
> the user supplied credentials at fault (and therefore be able to re-prompt the
> user for credentials). Perhaps something like the following would be more
> useful:
>
> HTTP/1.1 400 Bad Request
> Content-Type: application/json;charset=UTF-8
> Cache-Control: no-store
> Pragma: no-cache
>
> {
>   "error":"invalid_resource_owner_credentials"
> }
>
> A bit verbose perhaps, any alternative suggestions?
>
> Regards,
> Colm Divilly
> _______________________________________________
> OAuth mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/oauth
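
The following is an added example, not code from either message or from the OAuth specification: a client-side classifier for password-grant token responses that re-prompts the user only on `invalid_grant`, the code named in the reply. The function name, the return labels and the sample responses are constructed for illustration; error codes not named in the thread are the token-endpoint codes from RFC 6749 section 5.2.

```python
import json

# Codes named in the thread: invalid_grant, invalid_request.
# The remaining codes are the token-endpoint errors of RFC 6749 section 5.2.
REPROMPT = {"invalid_grant"}
CLIENT_FAULT = {"invalid_request", "invalid_client", "unauthorized_client",
                "unsupported_grant_type", "invalid_scope"}

# Constructed sample headers, matching the responses quoted in the thread.
SAMPLE_HEADERS = {"Content-Type": "application/json;charset=UTF-8",
                  "Cache-Control": "no-store", "Pragma": "no-cache"}


def classify_token_error(status, headers, body):
    """Map a password-grant token response to a client action.

    Hypothetical helper. Returns "ok", "reprompt_user", "client_fault"
    or "unexpected". Assumes the request used grant_type=password, so
    invalid_grant refers to the resource owner credentials.
    """
    if status == 200:
        return "ok"
    # HTTP header names are case-insensitive; normalise before lookup.
    hdrs = {k.lower(): v for k, v in headers.items()}
    ctype = hdrs.get("content-type", "").split(";")[0].strip().lower()
    if status not in (400, 401) or ctype != "application/json":
        return "unexpected"
    try:
        payload = json.loads(body)
    except ValueError:
        return "unexpected"
    code = payload.get("error") if isinstance(payload, dict) else None
    if code in REPROMPT:
        # Wrong username or password: ask the resource owner again.
        return "reprompt_user"
    if code in CLIENT_FAULT:
        # The client's own request or registration is at fault;
        # re-prompting the user would not help.
        return "client_fault"
    # Unknown or missing code (including the proposed but not adopted
    # invalid_resource_owner_credentials): do not guess, surface it.
    return "unexpected"


if __name__ == "__main__":
    for code in ("invalid_grant", "invalid_request",
                 "invalid_resource_owner_credentials"):
        body = json.dumps({"error": code})
        print(code, "->", classify_token_error(400, SAMPLE_HEADERS, body))
```
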
