Re: [OAUTH-WG] Adding machine readable errors to SPOP?
Nat Sakimura <sakimura@gmail.com> Fri, 14 November 2014 16:52 UTC
Return-Path: <sakimura@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BE0721A1AAF for <oauth@ietfa.amsl.com>; Fri, 14 Nov 2014 08:52:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.739
X-Spam-Level:
X-Spam-Status: No, score=-1.739 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, HTML_OBFUSCATE_05_10=0.26, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tiKj8up26bYr for <oauth@ietfa.amsl.com>; Fri, 14 Nov 2014 08:52:05 -0800 (PST)
Received: from mail-ig0-x233.google.com (mail-ig0-x233.google.com [IPv6:2607:f8b0:4001:c05::233]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1D4CA1A1ABC for <oauth@ietf.org>; Fri, 14 Nov 2014 08:52:05 -0800 (PST)
Received: by mail-ig0-f179.google.com with SMTP id r10so1831791igi.0 for <oauth@ietf.org>; Fri, 14 Nov 2014 08:52:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:references:from:date:message-id:subject:to:cc :content-type; bh=kxYccLgVPwmSh1qrEqiU/vxMvNKL2//EfmmuBSMFQBk=; b=XqB6558xd88IARz/LzznIeaQ5sUk2WJcgx3qBb0g3dF4zb8w6EITiGJRy5jWx5NJvu L8IXwf229bOrKrJMX0/1Dai71+FJvRq4DjMiVmU1TslZWxsG5t7eU7XwlBDydwFY722h tIQfMkN/iIS8MZV7y7v7LCtu1qI7kTvQuxikMMTz51g29Bn0+x0r9gSiHmRw8FmC7534 LDCVEwCUcH28mn0yysXUlmcl+dMjF46ChIJ8x5bs2nov7T5YJ+2BQEBmG91qXO3ohbhQ iPBWs1Kwqf8/+Oev3gDNVPW9NHjYvsGV0YXOgG0m3F6KVMbcg41en0NA+rQAZXVwGSKh bRBQ==
X-Received: by 10.42.126.82 with SMTP id d18mr5078417ics.54.1415983924245; Fri, 14 Nov 2014 08:52:04 -0800 (PST)
MIME-Version: 1.0
References: <CABzCy2AqUvaJSpA3sKxWp8zs+kkTnq++Kv0a81JpBor825eaKg@mail.gmail.com> <CA+k3eCTF=SnWP2rE7pRCe4ve_KUhZoCj+h7NhRUjjpEpXEWUVA@mail.gmail.com>
From: Nat Sakimura <sakimura@gmail.com>
Date: Fri, 14 Nov 2014 16:52:03 +0000
Message-ID: <CABzCy2Cd1oWuUmvhMnrNKbzHiA447xHjcvd0z=usMMP3tEzRsg@mail.gmail.com>
To: Brian Campbell <bcampbell@pingidentity.com>
Content-Type: multipart/alternative; boundary="20cf300e5329d020aa0507d472d2"
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/zpEBNVCeN7YQ5_EoDXBcySeW_Kk
Cc: oauth <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Adding machine readable errors to SPOP?
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Nov 2014 16:52:07 -0000
<editorhatoff>I find not much, if any. </editorhatoff > On Fri, Nov 14, 2014 at 06:27 Brian Campbell <bcampbell@pingidentity.com> wrote: > I struggle to see the value in adding more fine grained machine readable > error messages for this. > > Do we really want clients to try and negotiate the code_challenge_method > using browser redirects? Especially in light of the fact that we'll likely > also be discouraging AS's from redirecting on some error conditions when > there's no user interaction. > > On Wed, Nov 12, 2014 at 1:48 PM, Nat Sakimura <sakimura@gmail.com> wrote: > >> As discussed at F2F today at IETF 91 OAuth WG, there has been some >> request to have a more fine grained machine readable error messages. >> >> Currently, it only returns the error defined in RFC6749 and any more >> details is supposed to be returned in error_descripton and error_uri. >> >> So, I came up with the following proposal. If WG agrees, I would put text >> embodying it into the draft-04. Otherwise, I would like to go as is. You >> have to speak out to put it in. (I am sending out -03, which we meant to >> send before submit freeze, without it..) >> >> nError response to authorization request >> lReturns invalid_request with additional error param spop_error with the >> following values: >> ▪S256_unsupported >> ▪none_unsupported >> ▪invalid_code_challenge >> >> Clients MUST NOT accept the downgrade >> >> request through this as it may be a downgrade >> >> attack by a MITM. >> nError response to token request >> lReturns invalid_request with additional error param spop_error with the >> following values: >> ▪invalid _code_verifier >> ▪verifier_challenge_mismatch >> nAuthorization server should return more descriptive information on >> lerror_description >> lerror_uri >> >> >> >> >> _______________________________________________ >> OAuth mailing list >> OAuth@ietf.org >> https://www.ietf.org/mailman/listinfo/oauth >> >>
- [OAUTH-WG] Adding machine readable errors to SPOP? Nat Sakimura
- Re: [OAUTH-WG] Adding machine readable errors to … Mike Jones
- Re: [OAUTH-WG] Adding machine readable errors to … Nat Sakimura
- Re: [OAUTH-WG] Adding machine readable errors to … Bill Mills
- Re: [OAUTH-WG] Adding machine readable errors to … Brian Campbell
- Re: [OAUTH-WG] Adding machine readable errors to … Nat Sakimura
- Re: [OAUTH-WG] Adding machine readable errors to … John Bradley
- Re: [OAUTH-WG] Adding machine readable errors to … Nat Sakimura
- Re: [OAUTH-WG] Adding machine readable errors to … Bill Mills
- Re: [OAUTH-WG] Adding machine readable errors to … Nat Sakimura