[OAUTH-WG] Throttling error using resource owner password credentials grant or authorization code grant
Santiago Pérez <spmarin.tid@gmail.com> Tue, 16 July 2013 16:30 UTC
Return-Path: <spmarin.tid@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BE3F511E80E9 for <oauth@ietfa.amsl.com>; Tue, 16 Jul 2013 09:30:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.299
X-Spam-Level:
X-Spam-Status: No, score=-2.299 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SPvp2J8NsRLf for <oauth@ietfa.amsl.com>; Tue, 16 Jul 2013 09:30:48 -0700 (PDT)
Received: from mail-pd0-x22f.google.com (mail-pd0-x22f.google.com [IPv6:2607:f8b0:400e:c02::22f]) by ietfa.amsl.com (Postfix) with ESMTP id 1197821E8063 for <oauth@ietf.org>; Tue, 16 Jul 2013 09:30:44 -0700 (PDT)
Received: by mail-pd0-f175.google.com with SMTP id 4so850512pdd.6 for <oauth@ietf.org>; Tue, 16 Jul 2013 09:30:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=cM35up0WRo2zTQvOhEIJ2sJigM9B0Wu7LWldqmVEP4c=; b=NNGEPaxSrgznuK5AHhGcZFPitHYTDzzsXatn6E7E2tpein1rLPzHdTGZmDdq6RTOzE Th7zhTGa+fq/txP5E8fiJhosdpCwT1aUGlXn+Ai/n4R+6zyp2pEzQVUkffBMgwV53gCn Y+tE10Fed7sO3ropo8YXSmsg6B4fh+Fq9R5BYBMQB3nKGIcOx4BqhpoI8P8y6zX3tPv7 P4SmBvgvUSWQijQUOuikZkp7cLNeASJVHSaOr6o/Sa5Ie/iVDa/QR66lvRRD1or93Jge 4P72PzoJXMGgBRlsOnvnITKHV96r3KclV5DHRWuCSQ4e4znX3FpypkuUmlvZvv5gRMlU 06vA==
MIME-Version: 1.0
X-Received: by 10.66.186.14 with SMTP id fg14mr3392974pac.166.1373992243742; Tue, 16 Jul 2013 09:30:43 -0700 (PDT)
Received: by 10.66.152.144 with HTTP; Tue, 16 Jul 2013 09:30:43 -0700 (PDT)
Date: Tue, 16 Jul 2013 18:30:43 +0200
Message-ID: <CAOrzMNZ_X6EsAAYOjeRrKBG_HDtSDZLLxhewLJ54u=DGEvwcYQ@mail.gmail.com>
From: Santiago Pérez <spmarin.tid@gmail.com>
To: oauth@ietf.org
Content-Type: multipart/alternative; boundary="047d7beba0249cd00e04e1a37f52"
X-Mailman-Approved-At: Wed, 17 Jul 2013 08:03:46 -0700
Subject: [OAUTH-WG] Throttling error using resource owner password credentials grant or authorization code grant
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Jul 2013 07:10:16 -0000
Dear all, We are implementing a OAuth 2.0 server and there is a point that is not clear for me in the RFC 6749. What error should we return when the maximum number of attempts for resource owner credentials is exceeded? I can not see any suitable error in the current RFC. We are implementing a policy for controlling this X attempts per period (e.g.: 3 times/15 minutes) Thanks for your answer. Kind Regards, Santiago Pérez
- [OAUTH-WG] Throttling error using resource owner … Santiago Pérez
- Re: [OAUTH-WG] Throttling error using resource ow… Justin Richer
- Re: [OAUTH-WG] Throttling error using resource ow… Todd W Lainhart
- Re: [OAUTH-WG] Throttling error using resource ow… André DeMarre
- Re: [OAUTH-WG] Throttling error using resource ow… Todd W Lainhart
- Re: [OAUTH-WG] Throttling error using resource ow… Santiago Pérez
- Re: [OAUTH-WG] Throttling error using resource ow… Torsten Lodderstedt