IETF Logo Mail Archive

[OAUTH-WG] Correct error code for rate limiting?

Aaron Parecki <aaron@parecki.com> Fri, 22 February 2019 05:57 UTC

Return-Path: <aaron@parecki.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 18B7912DF71 for <oauth@ietfa.amsl.com>; Thu, 21 Feb 2019 21:57:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=parecki-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y2NKdcI23j16 for <oauth@ietfa.amsl.com>; Thu, 21 Feb 2019 21:57:21 -0800 (PST)
Received: from mail-io1-xd2e.google.com (mail-io1-xd2e.google.com [IPv6:2607:f8b0:4864:20::d2e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 13DF31275F3 for <oauth@ietf.org>; Thu, 21 Feb 2019 21:57:21 -0800 (PST)
Received: by mail-io1-xd2e.google.com with SMTP id p18so886690ioh.5 for <oauth@ietf.org>; Thu, 21 Feb 2019 21:57:21 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=parecki-com.20150623.gappssmtp.com; s=20150623; h=mime-version:from:date:message-id:subject:to; bh=vqp+KM1MstwLtEI5kRtLB87i6c0HKH5UwT6mU7UTK18=; b=pba0y/chOZ2GAue/YOPrQk3AKgos7wU+HDw5FGbyKJAA3UwoxCVduyX1nj+xLXCnlg NNn+xiKjAuLIPqZ78oB+r0Ry96NSnIhIXdxqlixXU5r4LexMAhas6dbdJIKrvM4T/OCh aNik3tz9wKBzp+182+LQQ33QX2TW+IVfjBhAEucruS3nahFKZsdh9Ph7H5/o5d0AVh5P gS5boEciuEWTs/FwIFhnp+Jp0U1gujQSJKNNs+W5+RqssxUDyPVTXeHan6VvI2WxADJC pJKslUTLZF6LJuNVJMBIOAv2CBPKXjEgUpUXkLYJQ0gx53XrZBRD0HQhMgjjRZmIENs+ nAjQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=vqp+KM1MstwLtEI5kRtLB87i6c0HKH5UwT6mU7UTK18=; b=eVyAPGQnjt2IuUPzJNKNq4wvg+0TOywqkd7psnypw6riyuTeHIsDhYeaDtCcAGZYMo A55zRmBfZg+9yXA+0OoURX3qq2gz4t0xm5OY4hHZvCT5WcCEeMgKHTQP93nnQFFcHVcT acvrbqpPrakIKmkVSDThVbk3pPGEpq2OkRRqSR516sJ3SOO/WXIHa3M6aW/qbu+bwEED +VTm35NNdmNcuHgjIy4dxICvshM/rDHQz2UH1sk1fIaCm9xcimamfRAyeU2FqAMwfVX1 JBHrhVz4HoMa+h0fWnd2ZCOD5JZTXm68AAmMAE7PODgXuLOKLR3AcKq2wcjLZ9p0ASIv L4bA==
X-Gm-Message-State: AHQUAubw2JaBNUsOGu08ZNairwSIxvfYu3ctLfxzEQynhu+N5aUCIojC Qr273ADL+dZyQL7GCOmxenPVOWuomnA=
X-Google-Smtp-Source: AHgI3IYvWCwzZySt2k1mjzDbXT2jZvCWVk5EHZWpf5B5oIbR2iJhb4QQBEbC6VQwYRh6l73z43O6lw==
X-Received: by 2002:a6b:710e:: with SMTP id q14mr1335018iog.210.1550815040088; Thu, 21 Feb 2019 21:57:20 -0800 (PST)
Received: from mail-it1-f180.google.com (mail-it1-f180.google.com. [209.85.166.180]) by smtp.gmail.com with ESMTPSA id c1sm280719itd.23.2019.02.21.21.57.19 for <oauth@ietf.org> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 21 Feb 2019 21:57:19 -0800 (PST)
Received: by mail-it1-f180.google.com with SMTP id g137so10696262ita.0 for <oauth@ietf.org>; Thu, 21 Feb 2019 21:57:19 -0800 (PST)
X-Received: by 2002:a05:6638:44e:: with SMTP id r14mr1406890jap.65.1550815039096; Thu, 21 Feb 2019 21:57:19 -0800 (PST)
MIME-Version: 1.0
From: Aaron Parecki <aaron@parecki.com>
Date: Thu, 21 Feb 2019 21:57:08 -0800
X-Gmail-Original-Message-ID: <CAGBSGjrrVbZhcnA8dNMp7xJnceGj8GzFJ-PeqQ6yFrOpgYjG5Q@mail.gmail.com>
Message-ID: <CAGBSGjrrVbZhcnA8dNMp7xJnceGj8GzFJ-PeqQ6yFrOpgYjG5Q@mail.gmail.com>
To: OAuth WG <oauth@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000084904405827543df"
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/eyb6-9Hvydq0SNeeQdHKU9-6anw>
Subject: [OAUTH-WG] Correct error code for rate limiting?
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Feb 2019 05:57:23 -0000

The OAuth password grant section mentions taking appropriate measures to
rate limit password requests at the token endpoint. However the error
responses section (
https://tools.ietf.org/html/rfc6749#section-5.2) doesn't mention an error
code to use if the request is being rate limited. What's the recommended
practice here? Thanks!

Aaron

-- 
----
Aaron Parecki
aaronparecki.com
@aaronpk <http://twitter.com/aaronpk>

v2.23.0 | Report a Bug | By Email