Accepted wisdom says that you create a MIME media type in these sorts of scenarios.
On 28 March 2012 05:28, Werner Strydom <[email protected]> wrote: > Justin, > > I had a quick look. > > You may want to include "text/xml" as a valid xml media type since it is > widely used. Additional things to consider includes using XML Schema (XSD) to > describe the XML documents. It may also be useful to investigate with one > should use XML namespaces or custom media types to differentiate OAuth 2.0 > responses from other xml documents. > > For example, I'm writing a REST service which returns HTTP status 400 when > invalid data was passed. The resulting document is in "text/xml" format yet > conforms to a very different schema than the proposed OAuth xml documents. > How do we make this really simple for clients to know what is coming down the > line? > > This makes one wonder why the standard proposes we should return 400 when in > reality is should return 403 (Forbidden) when you are not authorized. > > Thanks, > Werner > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
