Re: [OAUTH-WG] What error codes do you need?

John Panzer <jpanzer@google.com> Tue, 23 March 2010 17:18 UTC

From: John Panzer <jpanzer@google.com>
Date: Tue, 23 Mar 2010 10:18:08 -0700
To: Richard Barnes <rbarnes@bbn.com>
Cc: OAuth WG <oauth@ietf.org>

Ah, ok.  I disagree with this as a blanket recommendation though it can make
sense in some cases.

Agreed that OAuth is more of a plug-in for HTTP than a separate protocol
layered on top.

On Tue, Mar 23, 2010 at 10:09 AM, Richard Barnes <rbarnes@bbn.com> wrote:

> Well, the relevant part says "200 or 500"; the basic message is that if
> your HTTP-using application has an error, but the HTTP was OK, then you
> shouldn't have an HTTP-layer error.  So for instance, in the GEOPRIV HELD
> protocol [1], every request returns 200 unless the HTTP is screwed up, and
> there's an <errorResponse> element that provides application-layer codes and
> explanations.
>
> Again, this model might not make sense for OAuth, since OAuth is more tied
> into the HTTP layer than layered on top of it.  You could probably make a
> case for using 401/403 in this space, and maybe for some new codes.
>
> --Richard
>
> [1] http://tools.ietf.org/html/draft-ietf-geopriv-http-location-delivery
>
> On Mar 23, 2010, at 9:54 AM, John Panzer wrote:
>
>> That's an interesting and informative RFC, but it recommends using the 500
>> response code for all errors (unless I'm misreading).  Errors due to
>> incorrect input should be 4xx.
>>
>> On Mon, Mar 22, 2010 at 10:02 PM, Richard Barnes <rbarnes@bbn.com> wrote:
>> In case it's helpful, BCP 56 / RFC 3205 provides recommendations for using
>> HTTP as a substrate for other protocols:
>>
>> <https://tools.ietf.org/html/bcp56>
>> ... in particular with respect to status codes:
>>
>> <https://tools.ietf.org/html/bcp56#section-8>
>>
>> It's worth thinking about how that document applies to OAuth, since the
>> goal here isn't really necessarily to use HTTP as a substrate, but rather
>> to extend HTTP in certain ways.
>>
>> --Richard
>>
>> On Mar 22, 2010, at 10:56 AM, David Recordon wrote:
>>
>> In drafting OAuth 2.0 I removed a lot of the error codes throughout
>> the flows and in this draft encouraged people to use HTTP status codes
>> (like 1.0a does).  I've heard the feedback from multiple people that
>> they'd like more specific error codes than what can be expressed in
>> HTTP.  I'd like to use this thread – or ideally a wiki page that
>> someone creates – to build consensus around the error codes needed
>> throughout protocol responses.
>>
>> Is someone willing to take the lead on this?  http://wiki.oauth.net/
>> should be easy enough to create a new page on.
>>
>> Thanks,
>> --David
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth