Re: [OAUTH-WG] Mail regarding draft-ietf-oauth-v2
Dick Hardt <dick.hardt@gmail.com> Sun, 15 July 2012 00:18 UTC
Return-Path: <dick.hardt@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1D42621F84B5 for <oauth@ietfa.amsl.com>; Sat, 14 Jul 2012 17:18:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.267
X-Spam-Level:
X-Spam-Status: No, score=-3.267 tagged_above=-999 required=5 tests=[AWL=-0.269, BAYES_00=-2.599, HTML_MESSAGE=0.001, J_CHICKENPOX_22=0.6, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QOGN6WFcbqzT for <oauth@ietfa.amsl.com>; Sat, 14 Jul 2012 17:18:19 -0700 (PDT)
Received: from mail-pb0-f44.google.com (mail-pb0-f44.google.com [209.85.160.44]) by ietfa.amsl.com (Postfix) with ESMTP id 3D32221F84AF for <oauth@ietf.org>; Sat, 14 Jul 2012 17:18:12 -0700 (PDT)
Received: by pbcwy7 with SMTP id wy7so8140314pbc.31 for <oauth@ietf.org>; Sat, 14 Jul 2012 17:18:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:mime-version:content-type:from:in-reply-to:date:cc :message-id:references:to:x-mailer; bh=CdiMR4mXyz7vNoMXa8QqNyrkj6HyFO9BQrSTY6f4Xjs=; b=ioPO07PNpuZSjJKHxwsuWuCwyz/61kgwGYlQRpNVjAHZQ0TM0jOFM2s19zpNoIyTwq DVxvKHiVtR3kWirgHpAQprKk/jQbb5fGR5U2Ds42Q2VJlTUFK10sRDORtn9+0qGTfLh6 wnngt5OZgPIYleOP7igQ1nnEztfenNJ0iwyfRsdm+vX0lLips3KwOIVgV7mPyTj6x8ts DeRmqkX2lRdmgXWRrVNVS+5LW2YsicrQn96CLS+edaypnz/oPTjSXj4vEJ0ts14E1U19 suV5Oj3dGRbwa3nfBa9/6jOvk1kroZgHFWF7XsxhI9Bw+7ND1PRcHfK7IsII1deL1Z1Z vXug==
Received: by 10.66.87.66 with SMTP id v2mr12026377paz.71.1342311532471; Sat, 14 Jul 2012 17:18:52 -0700 (PDT)
Received: from [10.0.0.4] (c-24-5-69-173.hsd1.ca.comcast.net. [24.5.69.173]) by mx.google.com with ESMTPS id gh9sm8874529pbc.20.2012.07.14.17.18.50 (version=TLSv1/SSLv3 cipher=OTHER); Sat, 14 Jul 2012 17:18:51 -0700 (PDT)
Mime-Version: 1.0 (Apple Message framework v1278)
Content-Type: multipart/alternative; boundary="Apple-Mail=_084FFCD4-0940-4893-A613-BBE55C24522E"
From: Dick Hardt <dick.hardt@gmail.com>
In-Reply-To: <CC259909.D103%charles_honton@intuit.com>
Date: Sat, 14 Jul 2012 17:18:49 -0700
Message-Id: <C9826DB3-31B8-492A-8319-246235315590@gmail.com>
References: <CC259909.D103%charles_honton@intuit.com>
To: "Honton, Charles" <Charles_Honton@intuit.com>
X-Mailer: Apple Mail (2.1278)
Cc: draft-ietf-oauth-v2@tools.ietf.org, "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Mail regarding draft-ietf-oauth-v2
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 15 Jul 2012 00:18:21 -0000
Great suggestion Charles. I think this is a good clarification. I'll adjust the copy you sent to be what follows in a new draft published tomorrow evening (Sunday PT) unless someone objects. -- Dick In both sections 4.1.2.1 and 4.2.2.1: server_error The authorization server encountered an unexpected condition which prevented it from fulfilling the request. This error code is needed because a 500 Internal Server Error HTTP status code cannot be returned to the client via a HTTP redirect. temporarily_unavailable The authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server. This error code is needed because a 503 Service Unavailable HTTP status code cannot be returned to the client via a HTTP redirect. On Jul 13, 2012, at 9:45 AM, Honton, Charles wrote: > Just to make sure I understand… > > If the Authorization Server returns a 5xx, the User-Agent will immediately display a error message. > > If the Authorization Server returns an error code in the redirect, the Client can take alternative actions or appropriately message the error. > > If this is correct, perhaps a slight change in wording will explain the lack of symmetry in the error codes. > > In both sections 4.1.2.1 and 4.2.2.1: > > server_error > The authorization server encountered an unexpected > condition which prevented it from fulfilling the request. > Using this error code allows the Client to handle this > condition instead of the User-Agent > temporarily_unavailable > The authorization server is currently unable to handle > the request due to a temporary overloading or maintenance > of the server. Using this error code allows the Client > to handle this condition instead of the User-Agent > > Thanks, > chas > > From: John Bradley <ve7jtb@ve7jtb.com> > Date: Friday, July 13, 2012 9:08 AM > To: Charles Honton <charles_honton@intuit.com> > Cc: Dick Hardt <dick.hardt@gmail.com>, "draft-ietf-oauth-v2@tools.ietf.org" <draft-ietf-oauth-v2@tools.ietf.org>, "oauth@ietf.org WG" <oauth@ietf.org> > Subject: Re: [OAUTH-WG] Mail regarding draft-ietf-oauth-v2 > > 4.2.2.1 and 4.1.2.1 are error codes that are returned to the client through the browser via a 302 redirect. > > You can't send a 5xx error via a 302 redirect. > > That is why those need error messages specific to OAuth. > > Errors not being sent via redirect use normal http error codes. > > I thought that was clear. Is there some general confusion on this? > > John B. > On 2012-07-13, at 11:55 AM, Honton, Charles wrote: > >> Great! Because this question has come up multiple times, perhaps the rfc could explain the use of 5xx return code in addition to error_code. >> >> I must be missing something. Why are server_error and temporarily_unavailable specified in sections 4.2.2.1 and 4.1.2.1? Is there a distinction between 5xx return code and error_code in these cases? >> >> Chas >> >> From: John Bradley <ve7jtb@ve7jtb.com> >> Date: Friday, July 13, 2012 4:04 AM >> To: Dick Hardt <dick.hardt@gmail.com> >> Cc: Charles Honton <charles_honton@intuit.com>, "draft-ietf-oauth-v2@tools.ietf.org" <draft-ietf-oauth-v2@tools.ietf.org>, "oauth@ietf.org WG" <oauth@ietf.org> >> Subject: Re: [OAUTH-WG] Mail regarding draft-ietf-oauth-v2 >> >> FRom what I can see in a similar discussion Eran pointed out that this is a direct communication, communication between the client and token endpoint. >> >> Server Error and temporarily unavailable are not OAuth specific and are handled by existing HTTP error codes. >> >> I don't see a need for a change. >> >> Unless something else dramatic comes up I would like to see draft 29 go to the RFC editor. >> >> (Though one person mentioned to me that 30 is a nicer number:) >> >> John B. >> >> On 2012-07-12, at 8:09 PM, Dick Hardt wrote: >> >>> Charles >>> >>> Thanks for the suggestion. I just did publish a new draft that included a number of items that had been discussed and I would like to get some feedback on your suggestion before incorporating it (or not). >>> >>> Does anyone have feedback on the change below? (+/-) >>> >>> -- Dick >>> >>> On Jul 12, 2012, at 1:45 PM, Honton, Charles wrote: >>> >>>> E. Hammer, D. Recordon, D. Hardt, et.al, >>>> >>>> I'm looking at draft 28 (http://tools.ietf.org/html/draft-ietf-oauth-v2-28). >>>> >>>> In Section 5.2 the error code should probably include: >>>> >>>> server_error >>>> The authorization server encountered an unexpected >>>> condition which prevented it from fulfilling the request. >>>> temporarily_unavailable >>>> The authorization server is currently unable to handle >>>> the request due to a temporary overloading or maintenance >>>> of the server. >>>> >>>> >>>> Regards, >>>> chas >>>> >>> >>> _______________________________________________ >>> OAuth mailing list >>> OAuth@ietf.org >>> https://www.ietf.org/mailman/listinfo/oauth >> >
- [OAUTH-WG] Mail regarding draft-ietf-oauth-v2 Eran Hammer
- Re: [OAUTH-WG] Mail regarding draft-ietf-oauth-v2 Justin Richer
- Re: [OAUTH-WG] Mail regarding draft-ietf-oauth-v2 Nat Sakimura
- Re: [OAUTH-WG] Mail regarding draft-ietf-oauth-v2 Dick Hardt
- Re: [OAUTH-WG] Mail regarding draft-ietf-oauth-v2 Antonio Sanso
- Re: [OAUTH-WG] Mail regarding draft-ietf-oauth-v2 John Bradley
- Re: [OAUTH-WG] Mail regarding draft-ietf-oauth-v2 John Bradley
- Re: [OAUTH-WG] Mail regarding draft-ietf-oauth-v2 William Mills
- Re: [OAUTH-WG] Mail regarding draft-ietf-oauth-v2 Mike Jones
- Re: [OAUTH-WG] Mail regarding draft-ietf-oauth-v2 Dick Hardt
- Re: [OAUTH-WG] Mail regarding draft-ietf-oauth-v2 John Bradley
- Re: [OAUTH-WG] Mail regarding draft-ietf-oauth-v2 Mike Jones