Rate limiting an HTTP connection is not something OAuth-specific. HTTP error code "429 Too Many Requests" is probably your best bet for getting clients to behave:

http://tools.ietf.org/html/rfc6585#section-4

 -- Justin

On 07/16/2013 12:30 PM, Santiago Pérez wrote:
Dear all,

We are implementing an OAuth 2.0 server and there is a point that is not clear to me in RFC 6749.

What error should we return when the maximum number of attempts for resource owner credentials is exceeded? I cannot see any suitable error in the current RFC.

We are implementing a policy for controlling this: X attempts per period (e.g., 3 times/15 minutes).

Thanks for your answer.

Kind Regards,

Santiago Pérez


_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
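
The 429 approach from the reply, applied to the 3 attempts/15 minutes policy in the question, as an added example that is not part of the original thread. The names `AttemptLimiter`, `token_endpoint` and `USERS`, the in-memory store, keying by username, and the plain-text 429 body are assumptions; the `Retry-After` header is the optional one RFC 6585 section 4 allows on a 429 response.

```python
import hmac
import math
from collections import defaultdict, deque

MAX_ATTEMPTS = 3          # policy from the question: 3 attempts ...
WINDOW_SECONDS = 15 * 60  # ... per 15 minutes

# Constructed sample credential store (hypothetical; a real server verifies a password hash).
USERS = {"alice": "correct horse"}


class AttemptLimiter:
    """Sliding-window count of failed credential attempts, keyed by username."""

    def __init__(self, limit=MAX_ATTEMPTS, window=WINDOW_SECONDS):
        self.limit, self.window = limit, window
        self.failures = defaultdict(deque)  # username -> timestamps of failures

    def retry_after(self, key, now):
        """Return 0 if an attempt is allowed, else seconds until the oldest failure expires."""
        q = self.failures.get(key)
        while q and now - q[0] >= self.window:
            q.popleft()  # drop failures that have aged out of the window
        if not q or len(q) < self.limit:
            return 0
        return math.ceil(q[0] + self.window - now)

    def record_failure(self, key, now):
        self.failures[key].append(now)


def token_endpoint(limiter, username, password, now):
    """Handle a resource owner password grant; returns (status, headers, body)."""
    wait = limiter.retry_after(username, now)
    if wait:
        # Decided before the password is examined, so a rate-limited client
        # gets no signal about whether this guess was correct.
        return 429, {"Retry-After": str(wait)}, "Too many attempts; retry later."
    ok = username in USERS and hmac.compare_digest(USERS[username].encode(), password.encode())
    if not ok:
        limiter.record_failure(username, now)
        return 400, {}, '{"error": "invalid_grant"}'  # RFC 6749 section 5.2
    return 200, {"Cache-Control": "no-store"}, '{"access_token": "constructed-token", "token_type": "Bearer"}'
```

Pass `time.time()` as `now` in a real handler; the explicit parameter keeps the window logic testable.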
