[OAUTH-WG] Question about error response rule described in section 4.3 of draft v.10

"matake@gmail" <matake@gmail.com> Thu, 16 September 2010 13:52 UTC

Hi experts,

I'm now developing an OAuth2 server library in Ruby, rack-oauth2.

I have one question about the error response.

In section 4.3, it says

"If the client provided invalid credentials using an HTTP authentication scheme via the "Authorization" request header field, the authorization server MUST respond with the HTTP 401 (Unauthorized) status code. Otherwise, the authorization server SHALL respond with the HTTP 400 (Bad Request) status code."

In which case does the client send credentials via the "Authorization" request header?
In my understanding, the client puts any credentials in the request body when obtaining an access token.
Are there some use cases I'm missing?

Thanks

--
Nov Matake (=nov)
http://matake.jp
http://twitter.com/nov
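
The rule quoted from section 4.3 depends on where the client presented its credentials. As an added example (not part of the original message and not rack-oauth2's code), this Ruby code picks the status for a failed client authentication at a token endpoint, assuming HTTP Basic is the scheme carried in the "Authorization" header. `CLIENTS`, `secure_equal?`, `extract_client_credentials` and `client_auth_error` are hypothetical names, and the registry is constructed sample data.

```ruby
# Constructed client registry for this example (not real credentials).
CLIENTS = { 'client-abc' => 'correct-secret' }.freeze

# Compare secrets without an early exit on the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Returns [client_id, client_secret, via_header] from a Rack-style env hash
# and the already-parsed request body parameters.
def extract_client_credentials(env, params)
  header = env['HTTP_AUTHORIZATION'].to_s
  if header =~ /\ABasic\s+(\S+)\z/i
    # Assumption: HTTP Basic, i.e. base64("client_id:client_secret").
    decoded = $1.unpack1('m').force_encoding('UTF-8')
    id, secret = decoded.split(':', 2)
    [id, secret, true]
  else
    [params['client_id'], params['client_secret'], false]
  end
end

# Returns nil when the client authenticates, otherwise
# [status, headers, error_code] following the quoted rule:
# 401 if the credentials came via the Authorization header, else 400.
def client_auth_error(env, params)
  id, secret, via_header = extract_client_credentials(env, params)
  expected = CLIENTS[id.to_s]
  return nil if expected && secure_equal?(expected, secret.to_s)

  if via_header
    # HTTP requires a challenge header on 401 responses.
    # 'invalid_client' is the error code name used in RFC 6749 section 5.2.
    [401, { 'WWW-Authenticate' => 'Basic realm="token"' }, 'invalid_client']
  else
    [400, {}, 'invalid_client']
  end
end
```

Missing credentials take the same 400 path as wrong credentials sent in the body, so the response does not reveal whether the client identifier exists.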