Re: [OAUTH-WG] Question about error response rule described in section 4.3 of draft v.10

Torsten Lodderstedt <torsten@lodderstedt.net> Sat, 18 September 2010 18:14 UTC

Message-ID: <4C95016C.2030302@lodderstedt.net>
Date: Sat, 18 Sep 2010 20:14:04 +0200
From: Torsten Lodderstedt <torsten@lodderstedt.net>
To: "matake@gmail" <matake@gmail.com>
References: <C636E369-02E8-451F-AC0A-FCDA5555FDD1@gmail.com>
In-Reply-To: <C636E369-02E8-451F-AC0A-FCDA5555FDD1@gmail.com>
Cc: "OAuth WG (oauth@ietf.org)" <oauth@ietf.org>

Default for client password authentication is HTTP BASIC (cf. http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-2.1)

regards,
Torsten.

On 16.09.2010 15:52, matake@gmail wrote:
> Hi experts,
>
> I'm now developing an OAuth2 server library in Ruby, rack-oauth2.
>
> I have one question about error response.
>
> In section 4.3, it says
>
> "If the client provided invalid credentials using an HTTP authentication scheme via the "Authorization" request header field, the authorization server MUST respond with the HTTP 401 (Unauthorized) status code. Otherwise, the authorization server SHALL respond with the HTTP 400 (Bad Request) status code."
>
> In which case does the client send credentials via the "Authorization" request header?
> In my understanding, the client puts any credentials in the request body when obtaining an access token.
> Are there some use-cases I'm missing?
>
> Thanks
>
> --
> Nov Matake (=nov)
> http://matake.jp
> http://twitter.com/nov
>
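The two client-authentication paths the thread is about, as an added example that is not code from the thread or from rack-oauth2: a Rack-style token endpoint (plain Ruby, no gems) that reads client credentials either from an `Authorization: Basic` header, the draft-10 section 2.1 default, or from `client_id`/`client_secret` form parameters, and applies the section 4.3 status rule: invalid credentials presented in the Authorization header get a 401 with a `WWW-Authenticate` challenge, every other client failure gets a 400. The client registry, the token value and the `token_request` env builder are constructed for the example; which `grant_type` values the server accepts is not modelled, only that the parameter is present.

```ruby
# Added example, not code from the thread or from rack-oauth2: a Rack-style
# token endpoint that accepts client credentials either via HTTP Basic in the
# Authorization header (the draft-10 section 2.1 default) or as client_id /
# client_secret form parameters, and applies the section 4.3 rule:
# invalid credentials in the Authorization header -> 401 (with a challenge),
# every other client failure -> 400.
require 'json'
require 'stringio'
require 'uri'

# Constructed client registry (client_id => client_secret); a real server
# would keep hashed secrets in a store instead of a constant.
CLIENTS = { 's6BhdRkqt3' => '7Fjfp0ZBr1KtDRbnfVdmIw' }.freeze

# Constant-time string equality so a wrong secret cannot be probed byte by byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

def client_authenticated?(client_id, client_secret)
  expected = CLIENTS[client_id]
  !expected.nil? && secure_equal?(expected, client_secret)
end

# Decode "Authorization: Basic base64(client_id:client_secret)".
# Returns [client_id, client_secret], or nil when the header is unusable.
def basic_credentials(header)
  scheme, encoded = header.split(' ', 2)
  return nil unless scheme&.casecmp?('Basic') && encoded
  client_id, client_secret = encoded.unpack1('m0').split(':', 2) # strict Base64
  client_secret.nil? ? nil : [client_id, client_secret]
rescue ArgumentError # not valid Base64
  nil
end

def json_response(status, payload, extra_headers = {})
  [status, { 'Content-Type' => 'application/json' }.merge(extra_headers),
   [JSON.generate(payload)]]
end

# Rack-style handler: env in, [status, headers, body] out.
def token_endpoint(env)
  params = URI.decode_www_form(env['rack.input'].read).to_h

  if env.key?('HTTP_AUTHORIZATION')
    # Header path: any failure here is a 401 per section 4.3, and the
    # WWW-Authenticate challenge names the scheme the server expects.
    creds = basic_credentials(env['HTTP_AUTHORIZATION'])
    unless creds && client_authenticated?(*creds)
      return json_response(401, { error: 'invalid_client' },
                           'WWW-Authenticate' => 'Basic realm="token"')
    end
  else
    # Body path: credentials did not come via an HTTP auth scheme, so 400.
    client_id, client_secret = params.values_at('client_id', 'client_secret')
    unless client_id && client_secret && client_authenticated?(client_id, client_secret)
      return json_response(400, { error: 'invalid_client' })
    end
  end

  # grant_type is required; which values are accepted is out of scope here.
  return json_response(400, { error: 'invalid_request' }) unless params['grant_type']

  json_response(200, { access_token: 'constructed-token', token_type: 'bearer' })
end

# Build a minimal Rack env for a POST to the token endpoint (constructed helper).
def token_request(body, authorization: nil)
  env = { 'REQUEST_METHOD' => 'POST', 'rack.input' => StringIO.new(body) }
  env['HTTP_AUTHORIZATION'] = authorization if authorization
  env
end

if __FILE__ == $PROGRAM_NAME
  bad_basic = 'Basic ' + ['s6BhdRkqt3:wrong'].pack('m0')
  status, = token_endpoint(token_request('grant_type=none', authorization: bad_basic))
  puts "bad Basic header -> #{status}" # 401
  status, = token_endpoint(token_request('grant_type=none&client_id=s6BhdRkqt3&client_secret=wrong'))
  puts "bad body credentials -> #{status}" # 400
end
```

The point of the split is that a 401 is only meaningful together with a challenge: when the client chose an HTTP authentication scheme, the server answers in that scheme's vocabulary so the client can retry correctly, whereas body credentials are ordinary request parameters and a failure there is just a malformed request. Keeping the secret comparison constant-time matters on both paths, since the token endpoint is reachable by anyone who can guess a client_id.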