Wouldn't expired_token be appropriate here?

On Wed, Jul 5, 2017 at 12:02 PM Chris Needham <[email protected]>
wrote:

> Hi,
>
> I'm one of the contributors to the ETSI Cross Platform Authentication spec
> [1], which was based on an early draft of the OAuth 2.0 Device Flow.
>
> One of the things we found useful, and not included in the current OAuth
> 2.0 Device Flow [2, section 3.5], is a return code for the case where the
> authorization server decides to cancel the pairing process. This may be due
> to a user interaction, such as declining the presented terms and
> conditions, for example. Such a return code allows the client to stop
> polling and to display an appropriate message to the user. (I didn't find a
> suitable error code in RFC6749.)
>
> In the ETSI spec we used the error code 'cancelled' for this purpose:
>
> cancelled
>
>   The authorization server has cancelled the pairing process. This can
> occur,
>   for example, if the user declined to authorize the client, e.g., by not
>   accepting terms and conditions presented to them by the authorization
> server.
>
> Best regards,
>
> Chris
>
> [1]
> http://www.etsi.org/deliver/etsi_ts/103400_103499/103407/01.01.01_60/ts_103407v010101p.pdf
> [2] https://tools.ietf.org/id/draft-ietf-oauth-device-flow-06.txt
>
> --
> Chris Needham
> Principal Software Engineer
> BBC Research & Development
> Centre House, 56 Wood Lane, London W12 7SB
>
> _______________________________________________
> OAuth mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/oauth
>
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth

Reply via email to