IETF Logo Mail Archive

[OAUTH-WG] Encoding of Errors in the Base and in the Bearer Spec

Hannes Tschofenig <hannes.tschofenig@gmx.net> Wed, 09 May 2012 22:06 UTC

Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1399D11E80D7 for <oauth@ietfa.amsl.com>; Wed, 9 May 2012 15:06:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.422
X-Spam-Level:
X-Spam-Status: No, score=-102.422 tagged_above=-999 required=5 tests=[AWL=0.177, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HM3FZjn68QZ5 for <oauth@ietfa.amsl.com>; Wed, 9 May 2012 15:06:54 -0700 (PDT)
Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.23]) by ietfa.amsl.com (Postfix) with SMTP id 197F011E8086 for <oauth@ietf.org>; Wed, 9 May 2012 15:06:53 -0700 (PDT)
Received: (qmail invoked by alias); 09 May 2012 22:06:52 -0000
Received: from unknown (EHLO [107.17.145.89]) [216.141.82.2] by mail.gmx.net (mp071) with SMTP; 10 May 2012 00:06:52 +0200
X-Authenticated: #29516787
X-Provags-ID: V01U2FsdGVkX1+b8fFxiwGb/dOpqK4nZza7Xg6eZoRUAIpLfXIqAB gcJlDSEGKIBIgH
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Apple Message framework v1084)
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Date: Thu, 10 May 2012 01:06:49 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <7D98C51F-84D8-48AA-B94D-EABE4D0921DB@gmx.net>
To: "oauth@ietf.org WG" <oauth@ietf.org>
X-Mailer: Apple Mail (2.1084)
X-Y-GMX-Trusted: 0
Subject: [OAUTH-WG] Encoding of Errors in the Base and in the Bearer Spec
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 May 2012 22:06:55 -0000

Hi all, 

another issue that came up in Sean's IESG review was about the encoding of the error / error_description / error_uri in the base and in the bearer specification. 

As mentioned in my earlier mail about the registry for the error codes there are three error fields defined in the two specification and the error / error_description / error_uri fields are allowed to appear in different parts of an HTTP message. 
Depending on where they show up different encoding restrictions apply. 

For the core specification these error fields may appear in the 
* body of the HTTP message (encoded in JSON)
* parameters to the query component of the redirection URI (using the
  "application/x-www-form-urlencoded" format)

For the bearer specification these error fields appear in the HTTP header. Consequently, http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-19 says 'values for the "error" and "error_description" attributes MUST NOT include characters outside the set %x20-21 / %x23-5B / %x5D-7E.' 

Now, here is the question. While these errors are essentially copied over from one spec to the other the different encoding restrictions make them different. Do we want different encodings of errors in the two documents?

So, I see two options: 

1) Leave the encoding as it is. This means the encoding of the error / error_description / error_uri in the two specifications is different. 

2) Harmonize the encoding between the two specifications by incorporating the restrictions from the bearer specification into the base specification. 

Please indicate your preference by the end of next week (18th May 2012). 

Ciao
Hannes

v2.23.0 | Report a Bug | By Email