Hello,

I have a question. Is there any standardized specification about
error responses from protected resource endpoints?

"RFC 6749, 7.2. Error Response" says "the specifics of such error
responses are beyond the scope of this specification", but I'm
wondering if the OAuth WG has done something for that.

From error responses, I'd like to know information about:

  (1) Usability (active or expired? (or not exist?))
  (2) Refreshability (associated usable refresh token exists?)
  (3) Sufficiency (usable but lacking necessary permissions?)

For example, I'm expecting an error response like the one below with
"400 Bad Request" or "403 Forbidden".

  {
    "error":"...",
    "error_description":"...",
    "error_uri":"...",
    "usable": true,
    "refreshable": true,
    "sufficient": false
  }


Best Regards,
Takahiko Kawasaki

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
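
An added example, not part of the original message and not a standardized format: a client-side sketch of how the three proposed members could drive token handling. The meaning given to each member, the `classify` function and the `NextStep` names are assumptions made for illustration; members that are missing or not real JSON booleans are treated as unknown instead of being guessed.

```python
import json
from enum import Enum


class NextStep(Enum):
    REFRESH = "use the refresh token, then retry"
    REAUTHORIZE = "start a new authorization request"
    REQUEST_MORE_SCOPE = "ask for a token with additional permissions"
    OTHER_ERROR = "token is usable and sufficient; the failure lies elsewhere"
    UNKNOWN = "response does not carry the proposed members"


def _flag(body, name):
    """Return the member only if it is a real JSON boolean, else None."""
    value = body.get(name)
    return value if isinstance(value, bool) else None


def classify(status, raw_body):
    """Map the proposed error body (assumed semantics) to a client action."""
    if status not in (400, 403):          # status codes named in the message
        return NextStep.UNKNOWN
    try:
        body = json.loads(raw_body)
    except (TypeError, ValueError):       # missing or malformed body
        return NextStep.UNKNOWN
    if not isinstance(body, dict):
        return NextStep.UNKNOWN

    usable = _flag(body, "usable")
    refreshable = _flag(body, "refreshable")
    sufficient = _flag(body, "sufficient")

    if usable is None:
        return NextStep.UNKNOWN
    if not usable:
        # Refresh only on an explicit true; anything else means re-authorize.
        return NextStep.REFRESH if refreshable is True else NextStep.REAUTHORIZE
    if sufficient is None:
        return NextStep.UNKNOWN
    return NextStep.OTHER_ERROR if sufficient else NextStep.REQUEST_MORE_SCOPE


# Constructed sample mirroring the body shown in the message.
SAMPLE = ('{"error":"...","error_description":"...","error_uri":"...",'
          '"usable": true, "refreshable": true, "sufficient": false}')
```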