Re: [OAUTH-WG] Mail regarding draft-ietf-oauth-v2

John Bradley <ve7jtb@ve7jtb.com> Fri, 13 July 2012 16:07 UTC

4.2.2.1 and 4.1.2.1 are error codes that are returned to the client through the browser via a 302 redirect.

You can't send a 5xx error via a 302 redirect.

That is why those need error messages specific to OAuth.  

Errors not being sent via redirect use normal HTTP error codes.

I thought that was clear.  Is there some general confusion on this?

John B.

On 2012-07-13, at 11:55 AM, Honton, Charles wrote:

> Great! Because this question has come up multiple times, perhaps the rfc could explain the use of 5xx return code in addition to error_code.
> 
> I must be missing something.  Why are server_error and temporarily_unavailable specified in sections 4.2.2.1 and 4.1.2.1?  Is there a distinction between 5xx return code and error_code in these cases?
> 
> Chas
> 
> From: John Bradley <ve7jtb@ve7jtb.com>
> Date: Friday, July 13, 2012 4:04 AM
> To: Dick Hardt <dick.hardt@gmail.com>
> Cc: Charles Honton <charles_honton@intuit.com>, "draft-ietf-oauth-v2@tools.ietf.org" <draft-ietf-oauth-v2@tools.ietf.org>, "oauth@ietf.org WG" <oauth@ietf.org>
> Subject: Re: [OAUTH-WG] Mail regarding draft-ietf-oauth-v2
> 
> From what I can see in a similar discussion Eran pointed out that this is a direct communication, communication between the client and token endpoint.
> 
> Server Error and temporarily unavailable are not OAuth specific and are handled by existing HTTP error codes.
> 
> I don't see a need for a change.
> 
> Unless something else dramatic comes up I would like to see draft 29 go to the RFC editor.
> 
> (Though one person mentioned to me that 30 is a nicer number:)
> 
> John B.
> 
> On 2012-07-12, at 8:09 PM, Dick Hardt wrote:
> 
>> Charles
>> 
>> Thanks for the suggestion. I just did publish a new draft that included a number of items that had been discussed and I would like to get some feedback on your suggestion before incorporating it (or not).
>> 
>> Does anyone have feedback on the change below? (+/-)
>> 
>> -- Dick
>> 
>> On Jul 12, 2012, at 1:45 PM, Honton, Charles wrote:
>> 
>>> E. Hammer, D. Recordon, D. Hardt, et al.,
>>> 
>>> I'm looking at draft 28 (http://tools.ietf.org/html/draft-ietf-oauth-v2-28).
>>> 
>>> In Section 5.2 the error code should probably include:
>>> 
>>>    server_error
>>>          The authorization server encountered an unexpected
>>>          condition which prevented it from fulfilling the request.
>>>    temporarily_unavailable
>>>          The authorization server is currently unable to handle
>>>          the request due to a temporary overloading or maintenance
>>>          of the server.
>>> 
>>> 
>>> Regards,
>>> chas
>>> 
>> 
>
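
The distinction discussed in this thread, seen from the client side, as an added example that is not part of any message above or of the draft: errors that come back through the browser redirect (sections 4.1.2.1 and 4.2.2.1) can only be read from URL parameters, while token endpoint errors (section 5.2) arrive on a direct HTTP response whose status code is visible. The function names, the `client.example` URLs, the `server_fault` flag and the `http_<status>` and `invalid_response` labels are assumptions made for the illustration.

```python
import json
from urllib.parse import urlsplit, parse_qs

# Codes that exist because no HTTP status from the authorization server
# can reach the client when the answer travels via a 302 redirect.
REDIRECT_SERVER_FAULTS = {"server_error", "temporarily_unavailable"}

def authorization_error(redirect_url, flow, expected_state):
    """Return (error, server_fault) from a redirect to the client, or None.

    flow is "code" (section 4.1.2.1, parameters in the query) or
    "token" (section 4.2.2.1, parameters in the fragment).
    """
    parts = urlsplit(redirect_url)
    params = parse_qs(parts.query if flow == "code" else parts.fragment)
    if "error" not in params:
        return None
    # The state check applies to error responses as well as successes.
    if params.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: response is not for this request")
    error = params["error"][0]
    return error, error in REDIRECT_SERVER_FAULTS

def token_endpoint_error(status, body):
    """Return (error, server_fault) for a direct token response, or None."""
    if 200 <= status < 300:
        return None
    if status >= 500:
        # Direct exchange: the HTTP status itself reports the server failure,
        # so no OAuth error code is expected in the body.
        return f"http_{status}", True  # constructed label, not a spec value
    try:
        error = json.loads(body).get("error", "invalid_response")
    except (ValueError, AttributeError):
        error = "invalid_response"  # hypothetical label for a malformed body
    return error, False

if __name__ == "__main__":
    # Constructed sample responses.
    print(authorization_error(
        "https://client.example/cb?error=temporarily_unavailable&state=xyz",
        "code", "xyz"))
    print(authorization_error(
        "https://client.example/cb#error=access_denied&state=xyz",
        "token", "xyz"))
    print(token_endpoint_error(503, ""))
    print(token_endpoint_error(400, '{"error": "invalid_grant"}'))
```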