[Gen-art] where do error codes go?, was: [OAUTH-WG] Gen-ART Telechat review of draft-ietf-oauth-v2-bearer-18.txt

Julian Reschke <julian.reschke@gmx.de> Thu, 12 April 2012 13:34 UTC

Message-ID: <4F86D836.1000007@gmx.de>
Date: Thu, 12 Apr 2012 15:27:18 +0200
From: Julian Reschke <julian.reschke@gmx.de>
To: Alexey Melnikov <alexey.melnikov@isode.com>
Cc: General Area Review Team <gen-art@ietf.org>, "oauth@ietf.org" <oauth@ietf.org>, "draft-ietf-oauth-v2-bearer.all@tools.ietf.org" <draft-ietf-oauth-v2-bearer.all@tools.ietf.org>, The IESG <iesg@ietf.org>

On 2012-04-10 16:03, Alexey Melnikov wrote:
> ...
> 2). Section "3.1. Error Codes"
>
> I've suggested to use an IANA registry for this field. Apparently there
> is already a registry created by
> <http://tools.ietf.org/html/draft-ietf-oauth-v2-23#section-11.4>.
> However this document doesn't register values defined in section 3.1
> with IANA and doesn't point to draft-ietf-oauth-v2-23 for the registry.
> I find this to be very confusing.
> ...

Speaking of which, how is an error code returned if the HTTP status is 
*not* 401?

3.1. Error Codes


    When a request fails, the resource server responds using the
    appropriate HTTP status code (typically, 400, 401, 403, or 405), and
    includes one of the following error codes in the response:

    invalid_request
          The request is missing a required parameter, includes an
          unsupported parameter or parameter value, repeats the same
          parameter, uses more than one method for including an access
          token, or is otherwise malformed.  The resource server SHOULD
          respond with the HTTP 400 (Bad Request) status code.

    ...

Is the assumption that the response body is always application/json in 
that case? It might be good to clarify that.

Best regards, Julian
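
An added example, not part of the original message or of the draft: a client-side helper that looks for the error code in the two places a failed response could carry it, the `error` attribute of a `WWW-Authenticate: Bearer` challenge and, as an assumption taken from the question above, an `error` member in an `application/json` body. The function names and sample responses are constructed, and the header parser assumes a single Bearer challenge per header value.

```python
import json
import re

# auth-param: name="quoted value" or name=token
_AUTH_PARAM = re.compile(r'([A-Za-z0-9_-]+)\s*=\s*(?:"([^"]*)"|([^\s,"]+))')

def bearer_params(www_authenticate):
    """Return the auth-params of a single Bearer challenge, or {} if not Bearer."""
    scheme, _, rest = www_authenticate.strip().partition(" ")
    if scheme.lower() != "bearer":
        return {}
    return {m.group(1).lower(): m.group(2) if m.group(2) is not None else m.group(3)
            for m in _AUTH_PARAM.finditer(rest)}

def locate_error_code(headers, body=""):
    """Return (location, code) for the error code, or (None, None) if absent."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    params = bearer_params(hdrs.get("www-authenticate", ""))
    if "error" in params:
        return ("www-authenticate", params["error"])
    # Assumption: a JSON body carries the code in an "error" member.
    ctype = hdrs.get("content-type", "").split(";")[0].strip().lower()
    if ctype == "application/json":
        try:
            doc = json.loads(body)
        except ValueError:
            return (None, None)
        if isinstance(doc, dict) and isinstance(doc.get("error"), str):
            return ("json-body", doc["error"])
    return (None, None)

# Constructed sample responses: (status, headers, body)
SAMPLES = [
    (401, {"WWW-Authenticate": 'Bearer realm="example", error="invalid_token"'}, ""),
    (400, {"Content-Type": "application/json; charset=UTF-8"},
     '{"error": "invalid_request"}'),
    (400, {"Content-Type": "text/html"}, "<h1>Bad Request</h1>"),
]

if __name__ == "__main__":
    for status, headers, body in SAMPLES:
        print(status, locate_error_code(headers, body))
```

The third sample is the case the question is about: a 400 response with neither a Bearer challenge nor a JSON body leaves the client with no error code to act on.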