Re: [OAUTH-WG] Standardized error responses from protected resource endpoints
Thank you very much. It is the specification for token_type=bearer but really useful. I'm ashamed of having forgotten the content of RFC 6750 although I had read it once before.

Best Regards,
Takahiko Kawasaki

2014-07-30 21:23 GMT+09:00 Brian Campbell :
> Take a look at RFC 6750 "The OAuth 2.0 Authorization Framework: Bearer
> Token Usage" - particularly section 3:
> http://tools.ietf.org/html/rfc6750#section-3 which describes using the
> "WWW-Authenticate" response header field in response to a request with
> an invalid/insufficient/missing/etc token.
>
> On Tue, Jul 29, 2014 at 8:10 PM, Takahiko Kawasaki wrote:
>> Hello,
>>
>> I have a question. Is there any standardized specification about
>> error responses from protected resource endpoints?
>>
>> "RFC 6749, 7.2. Error Response" says "the specifics of such error
>> responses are beyond the scope of this specification", but I'm
>> wondering if OAuth WG has done something for that.
>>
>> From error responses, I'd like to know information about:
>>
>> (1) Usability (active or expired? (or not exist?))
>> (2) Refreshability (associated usable refresh token exists?)
>> (3) Sufficiency (usable but lacking necessary permissions?)
>>
>> For example, I'm expecting an error response like below with
>> "400 Bad Request" or "403 Forbidden".
>>
>> {
>>   "error":"...",
>>   "error_description":"...",
>>   "error_uri":"...",
>>   "usable": true,
>>   "refreshable": true,
>>   "sufficient": false
>> }
>>
>> Best Regards,
>> Takahiko Kawasaki
>>
>> ___
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
Re: [OAUTH-WG] Standardized error responses from protected resource endpoints
Take a look at RFC 6750 "The OAuth 2.0 Authorization Framework: Bearer Token Usage" - particularly section 3: http://tools.ietf.org/html/rfc6750#section-3 which describes using the "WWW-Authenticate" response header field in response to a request with an invalid/insufficient/missing/etc token.

On Tue, Jul 29, 2014 at 8:10 PM, Takahiko Kawasaki wrote:
> Hello,
>
> I have a question. Is there any standardized specification about
> error responses from protected resource endpoints?
>
> "RFC 6749, 7.2. Error Response" says "the specifics of such error
> responses are beyond the scope of this specification", but I'm
> wondering if OAuth WG has done something for that.
>
> From error responses, I'd like to know information about:
>
> (1) Usability (active or expired? (or not exist?))
> (2) Refreshability (associated usable refresh token exists?)
> (3) Sufficiency (usable but lacking necessary permissions?)
>
> For example, I'm expecting an error response like below with
> "400 Bad Request" or "403 Forbidden".
>
> {
>   "error":"...",
>   "error_description":"...",
>   "error_uri":"...",
>   "usable": true,
>   "refreshable": true,
>   "sufficient": false
> }
>
> Best Regards,
> Takahiko Kawasaki
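As an added illustration (not code from the thread or from either author), here is how the standardized RFC 6750 section 3 challenge maps onto the three questions in the original message: a resource server building the WWW-Authenticate header, and a client reading it back. Function names, the realm value and the sample challenges are assumptions constructed for this example.

```python
import re

# Error codes and the HTTP status each one pairs with (RFC 6750, section 3.1).
BEARER_ERRORS = {"invalid_request": 400, "invalid_token": 401, "insufficient_scope": 403}

def bearer_challenge(realm, error=None, description=None, scope=None):
    """Resource-server side: build (status, WWW-Authenticate value).
    A request carrying no token at all gets a bare challenge with no error
    code (RFC 6750, section 3.1). Constructed example: values are assumed to
    contain no double quotes, so no quoted-string escaping is done."""
    if error is None:
        return 401, f'Bearer realm="{realm}"'
    params = [f'realm="{realm}"', f'error="{error}"']
    if description:
        params.append(f'error_description="{description}"')
    if scope:  # meaningful for insufficient_scope: the scope the resource needs
        params.append(f'scope="{scope}"')
    return BEARER_ERRORS[error], "Bearer " + ", ".join(params)

_AUTH_PARAM = re.compile(r'(\w+)="([^"]*)"')

def parse_challenge(header):
    """Client side: parse the auth-params of a Bearer challenge into a dict."""
    scheme, _, rest = header.partition(" ")
    if scheme.lower() != "bearer":
        raise ValueError("not a Bearer challenge: " + header)
    return dict(_AUTH_PARAM.findall(rest))

def classify(header, have_refresh_token):
    """Answer the thread's three questions for one challenge. Refreshability is
    never signalled by the resource server; it is the client's own knowledge."""
    params = parse_challenge(header)
    error = params.get("error")
    result = {"usable": None, "refreshable": have_refresh_token,
              "sufficient": None, "required_scope": params.get("scope")}
    if error is None:                    # no token was presented at all
        result.update(usable=False, sufficient=False, action="send a token")
    elif error == "invalid_token":       # expired, revoked or malformed token
        result.update(usable=False, sufficient=False,
                      action="refresh and retry" if have_refresh_token
                      else "re-run the authorization flow")
    elif error == "insufficient_scope":  # token is fine, permissions are not
        result.update(usable=True, sufficient=False,
                      action="re-authorize with the required scope")
    else:                                # invalid_request says nothing about the token
        result.update(action="fix the request")
    return result
```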
[OAUTH-WG] Standardized error responses from protected resource endpoints
Hello,

I have a question. Is there any standardized specification about error responses from protected resource endpoints?

"RFC 6749, 7.2. Error Response" says "the specifics of such error responses are beyond the scope of this specification", but I'm wondering if OAuth WG has done something for that.

From error responses, I'd like to know information about:

(1) Usability (active or expired? (or not exist?))
(2) Refreshability (associated usable refresh token exists?)
(3) Sufficiency (usable but lacking necessary permissions?)

For example, I'm expecting an error response like below with "400 Bad Request" or "403 Forbidden".

{
  "error":"...",
  "error_description":"...",
  "error_uri":"...",
  "usable": true,
  "refreshable": true,
  "sufficient": false
}

Best Regards,
Takahiko Kawasaki