Re: [OAUTH-WG] Mail regarding draft-ietf-oauth-v2
Mike Jones <Michael.Jones@microsoft.com> Sun, 15 July 2012 00:42 UTC
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 520D821F85F0 for <oauth@ietfa.amsl.com>; Sat, 14 Jul 2012 17:42:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.498
X-Spam-Level:
X-Spam-Status: No, score=-3.498 tagged_above=-999 required=5 tests=[AWL=-0.500, BAYES_00=-2.599, HTML_MESSAGE=0.001, J_CHICKENPOX_22=0.6, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zLNDIMJFcaZe for <oauth@ietfa.amsl.com>; Sat, 14 Jul 2012 17:42:33 -0700 (PDT)
Received: from db3outboundpool.messaging.microsoft.com (db3ehsobe001.messaging.microsoft.com [213.199.154.139]) by ietfa.amsl.com (Postfix) with ESMTP id A382021F85EF for <oauth@ietf.org>; Sat, 14 Jul 2012 17:42:32 -0700 (PDT)
Received: from mail77-db3-R.bigfish.com (10.3.81.230) by DB3EHSOBE004.bigfish.com (10.3.84.24) with Microsoft SMTP Server id 14.1.225.23; Sun, 15 Jul 2012 00:43:12 +0000
Received: from mail77-db3 (localhost [127.0.0.1]) by mail77-db3-R.bigfish.com (Postfix) with ESMTP id 34FA4100357; Sun, 15 Jul 2012 00:43:12 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:131.107.125.8; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14MLTC104.redmond.corp.microsoft.com; RD:none; EFVD:NLI
X-SpamScore: -30
X-BigFish: VS-30(zz98dI9371I1503M936eIc85fh4015I1447Izz1202hzz1033IL8275bh8275dhz2fh2a8h668h839hd25hf0ah107ah)
Received-SPF: pass (mail77-db3: domain of microsoft.com designates 131.107.125.8 as permitted sender) client-ip=131.107.125.8; envelope-from=Michael.Jones@microsoft.com; helo=TK5EX14MLTC104.redmond.corp.microsoft.com ; icrosoft.com ;
Received: from mail77-db3 (localhost.localdomain [127.0.0.1]) by mail77-db3 (MessageSwitch) id 1342312989890661_1315; Sun, 15 Jul 2012 00:43:09 +0000 (UTC)
Received: from DB3EHSMHS018.bigfish.com (unknown [10.3.81.234]) by mail77-db3.bigfish.com (Postfix) with ESMTP id CCD72140043; Sun, 15 Jul 2012 00:43:09 +0000 (UTC)
Received: from TK5EX14MLTC104.redmond.corp.microsoft.com (131.107.125.8) by DB3EHSMHS018.bigfish.com (10.3.87.118) with Microsoft SMTP Server (TLS) id 14.1.225.23; Sun, 15 Jul 2012 00:43:09 +0000
Received: from TK5EX14MBXC285.redmond.corp.microsoft.com ([169.254.3.222]) by TK5EX14MLTC104.redmond.corp.microsoft.com ([157.54.79.159]) with mapi id 14.02.0298.005; Sun, 15 Jul 2012 00:43:07 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: John Bradley <ve7jtb@ve7jtb.com>, Dick Hardt <dick.hardt@gmail.com>
Thread-Topic: [OAUTH-WG] Mail regarding draft-ietf-oauth-v2
Thread-Index: AQHNYh9n/ieHaUgV50Sr+iVNhMLxO5cpgGOAgAAAM4A=
Date: Sun, 15 Jul 2012 00:43:06 +0000
Message-ID: <4E1F6AAD24975D4BA5B168042967394366730EC2@TK5EX14MBXC285.redmond.corp.microsoft.com>
References: <CC259909.D103%charles_honton@intuit.com> <C9826DB3-31B8-492A-8319-246235315590@gmail.com> <C9E33EB1-49B8-4512-B19D-F0B48761DE09@ve7jtb.com>
In-Reply-To: <C9E33EB1-49B8-4512-B19D-F0B48761DE09@ve7jtb.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [157.54.51.32]
Content-Type: multipart/alternative; boundary="_000_4E1F6AAD24975D4BA5B168042967394366730EC2TK5EX14MBXC285r_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Cc: "draft-ietf-oauth-v2@tools.ietf.org" <draft-ietf-oauth-v2@tools.ietf.org>, "Honton, Charles" <Charles_Honton@intuit.com>, "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Mail regarding draft-ietf-oauth-v2
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 15 Jul 2012 00:42:37 -0000
I'm good with this change. BTW, I suggest we put parenthesis around the new sentences, making it clear that they are an aside, rather than a normative part of the error code definitions. So the text would then read: server_error The authorization server encountered an unexpected condition which prevented it from fulfilling the request. (This error code is needed because a 500 Internal Server Error HTTP status code cannot be returned to the client via a HTTP redirect.) temporarily_unavailable The authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server. (This error code is needed because a 503 Service Unavailable HTTP status code cannot be returned to the client via a HTTP redirect.) -- Mike From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of John Bradley Sent: Saturday, July 14, 2012 5:40 PM To: Dick Hardt Cc: draft-ietf-oauth-v2@tools.ietf.org; Honton, Charles; oauth@ietf.org WG Subject: Re: [OAUTH-WG] Mail regarding draft-ietf-oauth-v2 I am OK with that wording. It is not a change just a clarification that may make things clearer to developers. John B. On 2012-07-14, at 6:18 PM, Dick Hardt wrote: Great suggestion Charles. I think this is a good clarification. I'll adjust the copy you sent to be what follows in a new draft published tomorrow evening (Sunday PT) unless someone objects. -- Dick In both sections 4.1.2.1 and 4.2.2.1: server_error The authorization server encountered an unexpected condition which prevented it from fulfilling the request. This error code is needed because a 500 Internal Server Error HTTP status code cannot be returned to the client via a HTTP redirect. temporarily_unavailable The authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server. This error code is needed because a 503 Service Unavailable HTTP status code cannot be returned to the client via a HTTP redirect. On Jul 13, 2012, at 9:45 AM, Honton, Charles wrote: Just to make sure I understand... If the Authorization Server returns a 5xx, the User-Agent will immediately display a error message. If the Authorization Server returns an error code in the redirect, the Client can take alternative actions or appropriately message the error. If this is correct, perhaps a slight change in wording will explain the lack of symmetry in the error codes. In both sections 4.1.2.1 and 4.2.2.1: server_error The authorization server encountered an unexpected condition which prevented it from fulfilling the request. Using this error code allows the Client to handle this condition instead of the User-Agent temporarily_unavailable The authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server. Using this error code allows the Client to handle this condition instead of the User-Agent Thanks, chas From: John Bradley <ve7jtb@ve7jtb.com<mailto:ve7jtb@ve7jtb.com>> Date: Friday, July 13, 2012 9:08 AM To: Charles Honton <charles_honton@intuit.com<mailto:charles_honton@intuit.com>> Cc: Dick Hardt <dick.hardt@gmail.com<mailto:dick.hardt@gmail.com>>, "draft-ietf-oauth-v2@tools.ietf.org<mailto:draft-ietf-oauth-v2@tools.ietf.org>" <draft-ietf-oauth-v2@tools.ietf.org<mailto:draft-ietf-oauth-v2@tools.ietf.org>>, "oauth@ietf.org<mailto:oauth@ietf.org> WG" <oauth@ietf.org<mailto:oauth@ietf.org>> Subject: Re: [OAUTH-WG] Mail regarding draft-ietf-oauth-v2 4.2.2.1 and 4.1.2.1 are error codes that are returned to the client through the browser via a 302 redirect. You can't send a 5xx error via a 302 redirect. That is why those need error messages specific to OAuth. Errors not being sent via redirect use normal http error codes. I thought that was clear. Is there some general confusion on this? John B. On 2012-07-13, at 11:55 AM, Honton, Charles wrote: Great! Because this question has come up multiple times, perhaps the rfc could explain the use of 5xx return code in addition to error_code. I must be missing something. Why are server_error and temporarily_unavailable specified in sections 4.2.2.1 and 4.1.2.1? Is there a distinction between 5xx return code and error_code in these cases? Chas From: John Bradley <ve7jtb@ve7jtb.com<mailto:ve7jtb@ve7jtb.com>> Date: Friday, July 13, 2012 4:04 AM To: Dick Hardt <dick.hardt@gmail.com<mailto:dick.hardt@gmail.com>> Cc: Charles Honton <charles_honton@intuit.com<mailto:charles_honton@intuit.com>>, "draft-ietf-oauth-v2@tools.ietf.org<mailto:draft-ietf-oauth-v2@tools.ietf.org>" <draft-ietf-oauth-v2@tools.ietf.org<mailto:draft-ietf-oauth-v2@tools.ietf.org>>, "oauth@ietf.org<mailto:oauth@ietf.org> WG" <oauth@ietf.org<mailto:oauth@ietf.org>> Subject: Re: [OAUTH-WG] Mail regarding draft-ietf-oauth-v2 FRom what I can see in a similar discussion Eran pointed out that this is a direct communication, communication between the client and token endpoint. Server Error and temporarily unavailable are not OAuth specific and are handled by existing HTTP error codes. I don't see a need for a change. Unless something else dramatic comes up I would like to see draft 29 go to the RFC editor. (Though one person mentioned to me that 30 is a nicer number:) John B. On 2012-07-12, at 8:09 PM, Dick Hardt wrote: Charles Thanks for the suggestion. I just did publish a new draft that included a number of items that had been discussed and I would like to get some feedback on your suggestion before incorporating it (or not). Does anyone have feedback on the change below? (+/-) -- Dick On Jul 12, 2012, at 1:45 PM, Honton, Charles wrote: E. Hammer, D. Recordon, D. Hardt, et.al, I'm looking at draft 28 (http://tools.ietf.org/html/draft-ietf-oauth-v2-28). In Section 5.2 the error code should probably include: server_error The authorization server encountered an unexpected condition which prevented it from fulfilling the request. temporarily_unavailable The authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server. Regards, chas _______________________________________________ OAuth mailing list OAuth@ietf.org<mailto:OAuth@ietf.org> https://www.ietf.org/mailman/listinfo/oauth
- [OAUTH-WG] Mail regarding draft-ietf-oauth-v2 Eran Hammer
- Re: [OAUTH-WG] Mail regarding draft-ietf-oauth-v2 Justin Richer
- Re: [OAUTH-WG] Mail regarding draft-ietf-oauth-v2 Nat Sakimura
- Re: [OAUTH-WG] Mail regarding draft-ietf-oauth-v2 Dick Hardt
- Re: [OAUTH-WG] Mail regarding draft-ietf-oauth-v2 Antonio Sanso
- Re: [OAUTH-WG] Mail regarding draft-ietf-oauth-v2 John Bradley
- Re: [OAUTH-WG] Mail regarding draft-ietf-oauth-v2 John Bradley
- Re: [OAUTH-WG] Mail regarding draft-ietf-oauth-v2 William Mills
- Re: [OAUTH-WG] Mail regarding draft-ietf-oauth-v2 Mike Jones
- Re: [OAUTH-WG] Mail regarding draft-ietf-oauth-v2 Dick Hardt
- Re: [OAUTH-WG] Mail regarding draft-ietf-oauth-v2 John Bradley
- Re: [OAUTH-WG] Mail regarding draft-ietf-oauth-v2 Mike Jones