I've thought about that, and I thought we could just add the error message when we add a new alg., e.g., when we add SHA-3-256, we can add SHA-3-256_unsupported.

On Thu Nov 13 2014 at 5:56:38 Mike Jones <michael.jo...@microsoft.com> wrote:
> Is S256_unsupported or algorithm_unsupported the better error
> description? I’m asking because I also expect that at some point in the
> approval process for this document you’ll be asked to support algorithm
> agility (for instance, being able to use SHA-3-256).
>
> -- Mike
>
> *From:* OAuth [mailto:oauth-boun...@ietf.org] *On Behalf Of* Nat Sakimura
> *Sent:* Wednesday, November 12, 2014 10:49 AM
> *To:* oauth
> *Subject:* [OAUTH-WG] Adding machine readable errors to SPOP?
>
> As discussed at F2F today at IETF 91 OAuth WG, there has been some request
> to have more fine-grained machine-readable error messages.
>
> Currently, it only returns the error defined in RFC6749 and any more
> details are supposed to be returned in error_description and error_uri.
>
> So, I came up with the following proposal. If WG agrees, I would put text
> embodying it into the draft-04. Otherwise, I would like to go as is. You
> have to speak out to put it in. (I am sending out -03, which we meant to
> send before submit freeze, without it.)
>
> - Error response to authorization request
>   - Returns invalid_request with additional error param spop_error with
>     the following values:
>     - S256_unsupported
>     - none_unsupported
>     - invalid_code_challenge
>
>   Clients MUST NOT accept the downgrade request through this as it may be
>   a downgrade attack by a MITM.
>
> - Error response to token request
>   - Returns invalid_request with additional error param spop_error with
>     the following values:
>     - invalid_code_verifier
>     - verifier_challenge_mismatch
>
> - Authorization server should return more descriptive information on
>   - error_description
>   - error_uri
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
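
Client-side handling of the authorization error response proposed in the quoted message, as an added example that is not part of the original thread or of any draft text. The `spop_error` parameter and its values come from the proposal; the function names, the callback URL and the assumption that `none` is a weaker method than `S256` are assumptions of this example.

```python
from urllib.parse import urlsplit, parse_qs

# spop_error values proposed in the thread for the authorization endpoint.
AUTHZ_SPOP_ERRORS = {"S256_unsupported", "none_unsupported", "invalid_code_challenge"}
# Assumption: relative strength of the challenge methods named in the thread.
STRENGTH = {"none": 0, "S256": 1}


def parse_authz_error(redirect_url, expected_state):
    """Extract (error, spop_error) from an authorization error redirect."""
    params = parse_qs(urlsplit(redirect_url).query, keep_blank_values=True)

    def single(name):
        values = params.get(name, [])
        if len(values) > 1:  # ambiguous input: refuse to guess
            raise ValueError(f"duplicate parameter: {name}")
        return values[0] if values else None

    if single("state") != expected_state:
        raise ValueError("state mismatch")
    error, spop_error = single("error"), single("spop_error")
    if error != "invalid_request" or spop_error not in AUTHZ_SPOP_ERRORS:
        spop_error = None  # unknown or misplaced detail: treat as a plain error
    return error, spop_error


def retry_method(requested, spop_error, client_methods):
    """Return a method to retry with, or None to abort. Never returns a weaker one."""
    if spop_error != f"{requested}_unsupported":
        return None  # not a negotiation error for the method actually sent
    stronger = [m for m in client_methods if STRENGTH[m] > STRENGTH[requested]]
    return max(stronger, key=STRENGTH.get) if stronger else None


# Constructed sample redirects (hypothetical client callback URL).
DOWNGRADE = ("https://client.example/cb?error=invalid_request"
             "&spop_error=S256_unsupported&state=xyz")
UPGRADE = ("https://client.example/cb?error=invalid_request"
           "&spop_error=none_unsupported&state=xyz")

if __name__ == "__main__":
    for sent, url in (("S256", DOWNGRADE), ("none", UPGRADE)):
        _, detail = parse_authz_error(url, "xyz")
        print(sent, detail, "->", retry_method(sent, detail, ["none", "S256"]))
```

The error redirect is unauthenticated input, so the only retry the example permits is toward a stronger method; an `S256_unsupported` response ends the flow instead of triggering a fallback.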