Re: [OAUTH-WG] Standardized error responses from protected resource endpoints

2014-07-30 Thread Takahiko Kawasaki
Thank you very much. It is the specification for token_type=bearer
but really useful. I'm ashamed of having forgotten the content of
RFC 6750 although I had read it once before.

Best Regards,
Takahiko Kawasaki

2014-07-30 21:23 GMT+09:00 Brian Campbell:
> Take a look at RFC 6750 "The OAuth 2.0 Authorization Framework: Bearer
> Token Usage" - particularly section 3:
> http://tools.ietf.org/html/rfc6750#section-3 which describes using the
> "WWW-Authenticate" response header field in response to a request with
> an invalid/insufficient/missing/etc token.
>
> On Tue, Jul 29, 2014 at 8:10 PM, Takahiko Kawasaki wrote:
>> Hello,
>>
>> I have a question. Is there any standardized specification about
>> error responses from protected resource endpoints?
>>
>> "RFC 6749, 7.2. Error Response" says "the specifics of such error
>> responses are beyond the scope of this specification", but I'm
>> wondering if OAuth WG has done something for that.
>>
>> From error responses, I'd like to know information about:
>>
>>   (1) Usability (active or expired? (or not exist?))
>>   (2) Refreshability (associated usable refresh token exists?)
>>   (3) Sufficiency (usable but lacking necessary permissions?)
>>
>> For example, I'm expecting an error response like below with
>> "400 Bad Request" or "403 Forbidden".
>>
>>   {
>>     "error": "...",
>>     "error_description": "...",
>>     "error_uri": "...",
>>     "usable": true,
>>     "refreshable": true,
>>     "sufficient": false
>>   }
>>
>>
>> Best Regards,
>> Takahiko Kawasaki
>>
>> ___
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth

___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth


Re: [OAUTH-WG] Standardized error responses from protected resource endpoints

2014-07-30 Thread Brian Campbell
Take a look at RFC 6750 "The OAuth 2.0 Authorization Framework: Bearer
Token Usage" - particularly section 3:
http://tools.ietf.org/html/rfc6750#section-3 which describes using the
"WWW-Authenticate" response header field in response to a request with
an invalid/insufficient/missing/etc token.

On Tue, Jul 29, 2014 at 8:10 PM, Takahiko Kawasaki wrote:
> Hello,
>
> I have a question. Is there any standardized specification about
> error responses from protected resource endpoints?
>
> "RFC 6749, 7.2. Error Response" says "the specifics of such error
> responses are beyond the scope of this specification", but I'm
> wondering if OAuth WG has done something for that.
>
> From error responses, I'd like to know information about:
>
>   (1) Usability (active or expired? (or not exist?))
>   (2) Refreshability (associated usable refresh token exists?)
>   (3) Sufficiency (usable but lacking necessary permissions?)
>
> For example, I'm expecting an error response like below with
> "400 Bad Request" or "403 Forbidden".
>
>   {
>     "error": "...",
>     "error_description": "...",
>     "error_uri": "...",
>     "usable": true,
>     "refreshable": true,
>     "sufficient": false
>   }
>
>
> Best Regards,
> Takahiko Kawasaki

___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
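
Added example, not part of the original thread: a client-side sketch that parses the "WWW-Authenticate" Bearer challenge from RFC 6750 section 3 and maps its error codes onto the three questions from the original post. It assumes the header holds a single Bearer challenge; the function names, result keys and sample headers are constructed for illustration.

```python
import re

# auth-param: token "=" ( token / quoted-string )
_PARAM = re.compile(r'([A-Za-z0-9_\-]+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,"]+))')

# RFC 6750 section 3.1 error codes and the HTTP status each one goes with.
RFC6750_STATUS = {"invalid_request": 400, "invalid_token": 401, "insufficient_scope": 403}

# Constructed sample responses (status, WWW-Authenticate value).
SAMPLES = [
    (401, 'Bearer realm="example"'),
    (401, 'Bearer realm="example", error="invalid_token", error_description="The access token expired"'),
    (403, 'Bearer realm="example", error="insufficient_scope", scope="read write"'),
]


def parse_bearer_challenge(header):
    """Return the auth-params of a single Bearer challenge, or None if not Bearer."""
    scheme, _, rest = header.strip().partition(" ")
    if scheme.lower() != "bearer":
        return None
    params = {}
    for name, quoted, bare in _PARAM.findall(rest):
        # Unescape quoted-pair sequences inside a quoted-string.
        params[name.lower()] = bare if bare else re.sub(r"\\(.)", r"\1", quoted)
    return params


def classify(status, header):
    """Map a challenge onto the usable / refreshable / sufficient questions."""
    params = parse_bearer_challenge(header) or {}
    error = params.get("error")
    expected = 401 if error is None else RFC6750_STATUS.get(error)
    return {
        "error": error,
        "description": params.get("error_description"),
        # False also for error codes outside RFC 6750 (no expected status known).
        "status_ok": status == expected,
        # invalid_token covers expired, revoked and malformed tokens alike.
        "usable": {"invalid_token": False, "insufficient_scope": True}.get(error),
        "sufficient": False if error == "insufficient_scope" else None,
        "required_scope": params.get("scope", "").split(),
        # The challenge carries nothing about refresh tokens.
        "refreshable": None,
    }


if __name__ == "__main__":
    for status, header in SAMPLES:
        print(status, classify(status, header))
```

The "refreshable" key is always None because RFC 6750 defines no challenge attribute for it; a client learns that only by trying its refresh token at the token endpoint.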


[OAUTH-WG] Standardized error responses from protected resource endpoints

2014-07-29 Thread Takahiko Kawasaki
Hello,

I have a question. Is there any standardized specification about
error responses from protected resource endpoints?

"RFC 6749, 7.2. Error Response" says "the specifics of such error
responses are beyond the scope of this specification", but I'm
wondering if OAuth WG has done something for that.

From error responses, I'd like to know information about:

  (1) Usability (active or expired? (or not exist?))
  (2) Refreshability (associated usable refresh token exists?)
  (3) Sufficiency (usable but lacking necessary permissions?)

For example, I'm expecting an error response like below with
"400 Bad Request" or "403 Forbidden".

  {
    "error": "...",
    "error_description": "...",
    "error_uri": "...",
    "usable": true,
    "refreshable": true,
    "sufficient": false
  }


Best Regards,
Takahiko Kawasaki
