[OAUTH-WG] Authorization request errors

Jérôme LELEU <leleuj@gmail.com> Thu, 21 June 2012 19:40 UTC

Return-Path: <leleuj@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 49C8611E80C5 for <oauth@ietfa.amsl.com>; Thu, 21 Jun 2012 12:40:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.298
X-Spam-Level:
X-Spam-Status: No, score=-3.298 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 15lyeBdjknpM for <oauth@ietfa.amsl.com>; Thu, 21 Jun 2012 12:40:57 -0700 (PDT)
Received: from mail-lb0-f172.google.com (mail-lb0-f172.google.com [209.85.217.172]) by ietfa.amsl.com (Postfix) with ESMTP id 3852711E808E for <oauth@ietf.org>; Thu, 21 Jun 2012 12:40:57 -0700 (PDT)
Received: by lbbgo11 with SMTP id go11so2821003lbb.31 for <oauth@ietf.org>; Thu, 21 Jun 2012 12:40:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=BgFMqggjrTe3jmhswtCKNTsf2ECyK66CabnTUM+/Djo=; b=kldejn+2YtcYBeMrvd8xEDLh5JY4JHcsDWe65FH3EBmCaq72OYts0pntIhPuKyDDwp WvB+rZ5JPO6K4VFXoCJU/c8Zfba/qP4lRp1Owp7QvtlY+SW8yhqLbQG/lX17G8ISlp6/ c4UmfPuKprOVtuDdJ9RWrU/JqX0gMBp+oYd86cQg2hxjjevZbLEGZKNjRb6ddM/05YbM 6YVEiLG/lVGwa/GD+7DzcQxuDTRlisb4/IsMOP2qErl4M6TxcbMUX8/RlEsQYV22C/gg vYEZ9mVRGdAgRGeisj1biOIfRPCam78sqTjRN0495Ighwc+lBhkdpydlbamVplcjb579 +18Q==
MIME-Version: 1.0
Received: by 10.152.46.6 with SMTP id r6mr27933720lam.7.1340307656202; Thu, 21 Jun 2012 12:40:56 -0700 (PDT)
Received: by 10.112.106.166 with HTTP; Thu, 21 Jun 2012 12:40:56 -0700 (PDT)
Date: Thu, 21 Jun 2012 21:40:56 +0200
Message-ID: <CAP279LzK6LtYZRNU+vqP+NAYV2ehmeC6sdJ3f+EnpS5URZiV6w@mail.gmail.com>
From: Jérôme LELEU <leleuj@gmail.com>
To: oauth@ietf.org
Content-Type: multipart/alternative; boundary="bcaec550ace6bcd88b04c300b103"
Subject: [OAUTH-WG] Authorization request errors
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Jun 2012 19:40:58 -0000

Hi,

I'm trying to implement OAuth 2.0 provider support and, in particular,
right handling of errors.

Following OAuth 2.0 spec : http://tools.ietf.org/html/draft-ietf-oauth-v2-28,
I don't understand the authorization request errors : part 4.1.2.1.
If I have a valid redirection url, I understand that an error should be
returned with GET parameters (error, error_description...) in the
redirected url as shown in example.
But in case of invalid redirection url or unknown client_id (which makes
validation of redirection url impossible), what http code should I return ?
500 ? 400 ? What should be the format of the error message ? Json ?
plaintext ? like a POST body ?

I'm certainly misunderstanding OAuth spec, but I would appreciate any help.
Thanks.
Best regards,
Jérôme