Re: [OAUTH-WG] Adding machine readable errors to SPOP?
Nat Sakimura <sakimura@gmail.com> Wed, 12 November 2014 22:48 UTC
Return-Path: <sakimura@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 24AAF1A0145 for <oauth@ietfa.amsl.com>; Wed, 12 Nov 2014 14:48:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id byOMELwqWTiY for <oauth@ietfa.amsl.com>; Wed, 12 Nov 2014 14:48:45 -0800 (PST)
Received: from mail-ig0-x22c.google.com (mail-ig0-x22c.google.com [IPv6:2607:f8b0:4001:c05::22c]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 208AA1A0137 for <oauth@ietf.org>; Wed, 12 Nov 2014 14:48:45 -0800 (PST)
Received: by mail-ig0-f172.google.com with SMTP id a13so3917517igq.17 for <oauth@ietf.org>; Wed, 12 Nov 2014 14:48:44 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:references:from:date:message-id:subject:to :content-type; bh=/UJgkpfW0ol5uyknuP1tH9FprKgN4oTLbi0i8pk/WX4=; b=MpF2+gUE/QVR5hLDeovOHNpGyqQ780yh6Epzj0YuNdPlP+7kRlEnYUFWXeF/CT2+P8 vVsuiyObM8jNCXUwWGiRwT+KltczPXdIwSqfV/TSzsrrFGjE0SAkKuAKCvTZszYuhXzY mbkqXRTlcnc2WZvVJOQfn2QDXCO72qvKf1KE7WJAD/2BWEzqF4ugyqE4uq9sqJJLWpgD XrTrBBK4uaEhQkqkwwAp4O77Sdv+mktsEeRnEY9/mvasrie1TzO6HQ54IC5y9e1Uj4uq weJUlbrdaig0hCaP+RhEwG+fdyPTTitXKSF0rc7F64Q5GHaLgg5fOW/seh5Xa637VRMU wQCw==
X-Received: by 10.107.45.8 with SMTP id t8mr5980462iot.59.1415832524418; Wed, 12 Nov 2014 14:48:44 -0800 (PST)
MIME-Version: 1.0
References: <CABzCy2AqUvaJSpA3sKxWp8zs+kkTnq++Kv0a81JpBor825eaKg@mail.gmail.com> <4E1F6AAD24975D4BA5B16804296739439BB8006F@TK5EX14MBXC286.redmond.corp.microsoft.com>
From: Nat Sakimura <sakimura@gmail.com>
Date: Wed, 12 Nov 2014 22:48:43 +0000
Message-ID: <CABzCy2BLMngOhah3TroqjL5m9NLkASQvFf+piYUm-7A=aFme7A@mail.gmail.com>
To: Mike Jones <Michael.Jones@microsoft.com>, oauth <oauth@ietf.org>
Content-Type: multipart/alternative; boundary="001a11431890adf5400507b13249"
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/8W3mXvyt6XtLLZbmpo0iX_ekSEU
Subject: Re: [OAUTH-WG] Adding machine readable errors to SPOP?
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Nov 2014 22:48:47 -0000
I've thought about that, and I thought we could just add the error message when we add new alg. e.g., when we add SHA-3-256, we can add SHA-3-256_unsupported. On Thu Nov 13 2014 at 5:56:38 Mike Jones <Michael.Jones@microsoft.com> wrote: > Is S256_unsupported or algorithm_unsupported the better error > description? I’m asking because I also expect that at some point in the > approval process for this document you’ll be asked to support algorithm > agility (for instance, being able to use SHA-3-256). > > > > -- Mike > > > > *From:* OAuth [mailto:oauth-bounces@ietf.org] *On Behalf Of *Nat Sakimura > *Sent:* Wednesday, November 12, 2014 10:49 AM > *To:* oauth > *Subject:* [OAUTH-WG] Adding machine readable errors to SPOP? > > > > As discussed at F2F today at IETF 91 OAuth WG, there has been some request > to have a more fine grained machine readable error messages. > > > > Currently, it only returns the error defined in RFC6749 and any more > details is supposed to be returned in error_descripton and error_uri. > > > > So, I came up with the following proposal. If WG agrees, I would put text > embodying it into the draft-04. Otherwise, I would like to go as is. You > have to speak out to put it in. (I am sending out -03, which we meant to > send before submit freeze, without it..) > > > > nError response to authorization request > > lReturns invalid_request with additional error param spop_error with the > following values: > > ▪S256_unsupported > > ▪none_unsupported > > ▪invalid_code_challenge > > Clients MUST NOT accept the downgrade > > request through this as it may be a downgrade > > attack by a MITM. > > nError response to token request > > lReturns invalid_request with additional error param spop_error with the > following values: > > ▪invalid _code_verifier > > ▪verifier_challenge_mismatch > > nAuthorization server should return more descriptive information on > > lerror_description > > lerror_uri > > > > > > >
- [OAUTH-WG] Adding machine readable errors to SPOP? Nat Sakimura
- Re: [OAUTH-WG] Adding machine readable errors to … Mike Jones
- Re: [OAUTH-WG] Adding machine readable errors to … Nat Sakimura
- Re: [OAUTH-WG] Adding machine readable errors to … Bill Mills
- Re: [OAUTH-WG] Adding machine readable errors to … Brian Campbell
- Re: [OAUTH-WG] Adding machine readable errors to … Nat Sakimura
- Re: [OAUTH-WG] Adding machine readable errors to … John Bradley
- Re: [OAUTH-WG] Adding machine readable errors to … Nat Sakimura
- Re: [OAUTH-WG] Adding machine readable errors to … Bill Mills
- Re: [OAUTH-WG] Adding machine readable errors to … Nat Sakimura