Messages 2.3.3. UserInfo Error Response - Define suitable HTTP status code for invalid_schema error
The UserInfo error response defines an additional "invalid_schema" error code alongside the ones specified in OAuth.Bearer; however, it doesn't suggest an HTTP status code to go along with it.
Comments (6)
-
reporter -
repo owner (Reply via n...@sakimura.org):
Any HTTP specific things should go into Standard and not Messages.
=nat via iPhone
-
Okay but Messages directly references http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-23#section-3.1 (soon to be http://tools.ietf.org/html/rfc6750#section-3.1) here which is itself completely HTTP specific.
Anyway, it seems inappropriate for the UserInfo endpoint to use the OAuth.Bearer error mechanism for non-OAuth endpoint-specific errors.
-
reporter
You're right, the "invalid_schema" error doesn't appear directly related to authorisation. I can however imagine that in terms of parsing UserInfo errors it would be easier to have the same format for all errors.
But why is the "schema" parameter required for UserInfo requests in the first place? The spec says that the only defined value is "openid", so it seems redundant.
-
-
assigned issue to
We're using schema=openid as a signal for implementations not to use their default schemas when they are different.
We can add in Standard that 400 Bad Request should be returned as the HTTP error.
-
assigned issue to
-
- changed status to resolved
fixes #670: Messages 2.3.3. UserInfo Error Response - Define suitable HTTP status code for invalid_schema error → <<cset 005aad067e97>>