Re: [OAUTH-WG] HTTP responses

Martin Thomson <martin.thomson@gmail.com> Wed, 28 March 2012 03:56 UTC

From: Martin Thomson <martin.thomson@gmail.com>
To: Werner Strydom <werners@bloudraak.com>
Cc: "<oauth@ietf.org>" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] HTTP responses

Accepted wisdom says that you create a MIME media type in these sorts
of scenarios.

On 28 March 2012 05:28, Werner Strydom <werners@bloudraak.com> wrote:
> Justin,
>
> I had a quick look.
>
> You may want to include "text/xml" as a valid xml media type since it is widely used. Additional things to consider include using XML Schema (XSD) to describe the XML documents. It may also be useful to investigate whether one should use XML namespaces or custom media types to differentiate OAuth 2.0 responses from other xml documents.
>
> For example, I'm writing a REST service which returns HTTP status 400 when invalid data was passed. The resulting document is in "text/xml" format yet conforms to a very different schema than the proposed OAuth xml documents. How do we make this really simple for clients to know what is coming down the line?
>
> This makes one wonder why the standard proposes we should return 400 when in reality it should return 403 (Forbidden) when you are not authorized.
>
> Thanks,
> Werner
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
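The question in this exchange is how a client tells an OAuth error document apart from some other XML body that arrives with the same status code and the same "text/xml" label. The following is an added example, not code from the thread or from any OAuth draft: it shows a client dispatching first on a dedicated media type and then on the XML namespace of the root element. The media type `application/oauth-error+xml`, the namespace `urn:example:oauth:2.0:error`, the `<error><code>` document shape and the sample responses are all assumptions constructed for the example.

```python
import xml.etree.ElementTree as ET
from email.message import Message

# Hypothetical identifiers for the example; neither is defined by OAuth 2.0.
OAUTH_MEDIA_TYPE = "application/oauth-error+xml"
OAUTH_NS = "urn:example:oauth:2.0:error"


def parse_media_type(content_type):
    """Return (type/subtype in lower case, {param: value}) for a Content-Type value."""
    msg = Message()
    msg["Content-Type"] = content_type
    params = msg.get_params() or []
    return msg.get_content_type(), dict(params[1:])


def classify_response(content_type, body):
    """Decide how a client should read an error body.

    Returns ("oauth", code) when the body is an OAuth error document, recognised
    either by the dedicated media type or by the XML namespace of its root
    element; ("other", None) for any other well-formed XML document; and
    ("unknown", None) when the body is not XML at all.
    """
    media_type, _params = parse_media_type(content_type)
    is_xml = media_type in ("text/xml", "application/xml") or media_type.endswith("+xml")
    if not is_xml:
        return ("unknown", None)
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return ("unknown", None)
    if media_type == OAUTH_MEDIA_TYPE or root.tag == "{%s}error" % OAUTH_NS:
        return ("oauth", root.findtext("{%s}code" % OAUTH_NS))
    return ("other", None)


# Constructed sample responses: two different 400 bodies both labelled text/xml,
# one body carrying the dedicated media type, and one that is not XML at all.
SAMPLES = [
    ("text/xml; charset=UTF-8",
     '<error xmlns="urn:example:oauth:2.0:error"><code>invalid_request</code></error>'),
    ("text/xml",
     '<validation><field name="email">malformed</field></validation>'),
    ("application/oauth-error+xml",
     '<error xmlns="urn:example:oauth:2.0:error"><code>insufficient_scope</code></error>'),
    ("text/html", "<html><body>Bad Request</body></html>"),
]

if __name__ == "__main__":
    for content_type, body in SAMPLES:
        print(content_type, "->", classify_response(content_type, body))
```

Note that the status code alone cannot make this distinction: both "text/xml" samples above would arrive as 400, which is exactly the ambiguity the thread describes.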