Re: [OAUTH-WG] ABNF in draft 11

Eran Hammer-Lahav <eran@hueniverse.com> Thu, 25 November 2010 07:03 UTC

From: Eran Hammer-Lahav <eran@hueniverse.com>
To: "Manger, James H" <James.H.Manger@team.telstra.com>, OAuth WG <oauth@ietf.org>
Date: Thu, 25 Nov 2010 00:04:01 -0700

Thanks James.

This is my current text. Let me know if there are more issues.

EHL

---

6.2.  The WWW-Authenticate Response Header Field

   If the protected resource request does not include authentication
   credentials, contains an invalid access token, or is malformed, the
   resource server MUST include the HTTP "WWW-Authenticate" response
   header field.  The "WWW-Authenticate" header field uses the framework
   defined by [RFC2617] as follows:


     challenge       = "OAuth2" RWS #param

     param           = scope /
                       error / error-desc / error-uri /
                       ( token "=" ( token / quoted-string ) )

     scope           = "scope" "=" <"> scope-v *( SP scope-v ) <">
     scope-v         = 1*quoted-char

     quoted-char     = ALPHA / DIGIT /
                       "!" / "#" / "$" / "%" / "&" / "'" / "(" / ")" /
                       "*" / "+" / "-" / "." / "/" / ":" / "<" / "=" /
                       ">" / "?" / "@" / "[" / "]" / "^" / "_" / "`" /
                       "{" / "|" / "}" / "~" / "\" / "," / ";"

     error           = "error" "=" quoted-string
     error-desc      = "error_description" "=" quoted-string
     error-uri       = "error_uri" "=" <"> URI-Reference <">


   The "scope" attribute is a space-delimited list of scope values
   indicating the required scope of the access token for accessing the
   requested resource.  The "scope" attribute MUST NOT appear more than
   once.

   If the protected resource request included an access token and failed
   authentication, the resource server SHOULD include the "error"
   attribute to provide the client with the reason why the access
   request was declined.  The parameter value is described in
   Section 6.2.1.  In addition, the resource server MAY include the
   "error_description" attribute to provide a human-readable
   explanation, and the "error_uri" attribute with an absolute URI
   identifying a human-readable web page explaining the error.  The
   "error", "error_description", and "error_uri" attributes MUST NOT
   appear more than once.

   For example, in response to a protected resource request without
   authentication:


     HTTP/1.1 401 Unauthorized
     WWW-Authenticate: OAuth2


   And in response to a protected resource request with an
   authentication attempt using an expired access token:


     HTTP/1.1 401 Unauthorized
     WWW-Authenticate: OAuth2
                       error="invalid_token",
                       error_description="The access token expired"
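
Added example, not part of the original message or of the draft: a Python sketch of how a client could parse the "OAuth2" challenge described above, rejecting a repeated "scope", "error", "error_description" or "error_uri" and checking each scope value against the quoted-char set. The function name parse_challenge and the scope values used in the test are assumptions; the scheme and attribute names are compared case-insensitively.

```python
import re

TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"      # RFC 2616 token characters
PARAM = re.compile(rf'\s*({TOKEN})=(?:({TOKEN})|"((?:[^"\\]|\\.)*)")\s*(?:,|$)')
# 1*quoted-char from the draft: every printable ASCII character except SP and DQUOTE
SCOPE_V = re.compile(r"[\x21\x23-\x7e]+")
ONCE = {"scope", "error", "error_description", "error_uri"}

# The expired-token response from the draft text, header folding included
EXPIRED = ('OAuth2\n'
           '                  error="invalid_token",\n'
           '                  error_description="The access token expired"')


def parse_challenge(value):
    """Parse a WWW-Authenticate field value; return (params, scope_list)."""
    parts = value.split(None, 1)
    if not parts or parts[0].lower() != "oauth2":
        raise ValueError("not an OAuth2 challenge")
    rest = parts[1] if len(parts) > 1 else ""
    params, pos = {}, 0
    while pos < len(rest):
        m = PARAM.match(rest, pos)
        if not m:
            raise ValueError(f"malformed parameter at offset {pos}")
        name, tok, quoted = m.group(1).lower(), m.group(2), m.group(3)
        if name in ONCE and name in params:
            raise ValueError(f"{name} appears more than once")
        if name == "scope":
            # scope is <"> scope-v *( SP scope-v ) <">: the backslash is a literal
            # character here, so the raw quoted text is validated without unescaping
            if quoted is None or not all(SCOPE_V.fullmatch(s) for s in quoted.split(" ")):
                raise ValueError("scope is not a quoted, space-delimited list")
            params[name] = quoted
        else:
            # token value as-is; quoted-string value with quoted-pairs resolved
            params[name] = tok if tok is not None else re.sub(r"\\(.)", r"\1", quoted)
        pos = m.end()
    return params, params.get("scope", "").split()


if __name__ == "__main__":
    print(parse_challenge(EXPIRED))
```

Comparing attribute names case-insensitively means a second attribute spelled "Error" is treated as a duplicate of "error" rather than accepted as an unknown extension parameter.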