[OAUTH-WG] draft-ietf-oauth-revocation-04
Hannes Tschofenig <hannes.tschofenig@gmx.net> Fri, 11 January 2013 08:18 UTC
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 007C621F8A50 for <oauth@ietfa.amsl.com>; Fri, 11 Jan 2013 00:18:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.52
X-Spam-Level:
X-Spam-Status: No, score=-102.52 tagged_above=-999 required=5 tests=[AWL=0.079, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FjUDFCt7c7Nd for <oauth@ietfa.amsl.com>; Fri, 11 Jan 2013 00:18:16 -0800 (PST)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.18]) by ietfa.amsl.com (Postfix) with ESMTP id 98EAD21F8A08 for <oauth@ietf.org>; Fri, 11 Jan 2013 00:18:15 -0800 (PST)
Received: from mailout-de.gmx.net ([10.1.76.17]) by mrigmx.server.lan (mrigmx001) with ESMTP (Nemesis) id 0MOV9X-1Twckt2Ylx-005uS7 for <oauth@ietf.org>; Fri, 11 Jan 2013 09:18:14 +0100
Received: (qmail invoked by alias); 11 Jan 2013 08:18:14 -0000
Received: from a88-115-219-140.elisa-laajakaista.fi (EHLO [192.168.100.107]) [88.115.219.140] by mail.gmx.net (mp017) with SMTP; 11 Jan 2013 09:18:14 +0100
X-Authenticated: #29516787
X-Provags-ID: V01U2FsdGVkX18l9F0Q3e0l/ISfW8S/q3Bxbvr37tqwjFrYeu68Jp gb+Q/bfS33LOsv
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Date: Fri, 11 Jan 2013 10:18:13 +0200
Message-Id: <8B2E9343-A46D-4218-B771-CF4A72AE7E94@gmx.net>
To: "oauth@ietf.org WG" <oauth@ietf.org>
Mime-Version: 1.0 (Apple Message framework v1085)
X-Mailer: Apple Mail (2.1085)
X-Y-GMX-Trusted: 0
Subject: [OAUTH-WG] draft-ietf-oauth-revocation-04
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Jan 2013 08:18:17 -0000
Thank you Torsten for updating the document. Two issues have been raised: 1) Terminology: Authorization vs. access grant vs. authorization grant There is a little bit of email exchange on that topic: http://www.ietf.org/mail-archive/web/oauth/current/msg10426.html I personally don't have an opinion on the terminology in this case. 2) invalid_token error code As mentioned on the list, a new error code has to be registered (which is not a big deal). Re-using an error code with different semantic is of course confusing. Re-using an already defined error code and to provide additional text in the error_description is fine as long as the description relates to the originally defined error description. In the case of the invalid_request error code RFC 6749 defines it as invalid_request The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. and RFC 6750 says: invalid_request The request is missing a required parameter, includes an unsupported parameter or parameter value, repeats the same parameter, uses more than one method for including an access token, or is otherwise malformed. The resource server SHOULD respond with the HTTP 400 (Bad Request) status code. Let us know how you want to proceed on these two issues. Ciao Hannes
- Re: [OAUTH-WG] draft-ietf-oauth-revocation-04 Torsten Lodderstedt
- [OAUTH-WG] draft-ietf-oauth-revocation-04 Hannes Tschofenig
- Re: [OAUTH-WG] draft-ietf-oauth-revocation-04 Torsten Lodderstedt
- [OAUTH-WG] draft-ietf-oauth-revocation-04 Donald F Coffin
- Re: [OAUTH-WG] draft-ietf-oauth-revocation-04 George Fletcher
- Re: [OAUTH-WG] draft-ietf-oauth-revocation-04 Donald F Coffin
- Re: [OAUTH-WG] draft-ietf-oauth-revocation-04 Torsten Lodderstedt
- Re: [OAUTH-WG] draft-ietf-oauth-revocation-04 Donald F Coffin
- Re: [OAUTH-WG] draft-ietf-oauth-revocation-04 Torsten Lodderstedt
- Re: [OAUTH-WG] draft-ietf-oauth-revocation-04 Torsten Lodderstedt
- Re: [OAUTH-WG] draft-ietf-oauth-revocation-04 Donald F Coffin
- Re: [OAUTH-WG] draft-ietf-oauth-revocation-04 Torsten Lodderstedt
- Re: [OAUTH-WG] draft-ietf-oauth-revocation-04 Donald F Coffin