Hi, I'm trying to implement OAuth 2.0 provider support and, in particular, right handling of errors.
Following OAuth 2.0 spec : http://tools.ietf.org/html/draft-ietf-oauth-v2-28, I don't understand the authorization request errors : part 4.1.2.1. If I have a valid redirection url, I understand that an error should be returned with GET parameters (error, error_description...) in the redirected url as shown in example. But in case of invalid redirection url or unknown client_id (which makes validation of redirection url impossible), what http code should I return ? 500 ? 400 ? What should be the format of the error message ? Json ? plaintext ? like a POST body ? I'm certainly misunderstanding OAuth spec, but I would appreciate any help. Thanks. Best regards, Jérôme
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
