Messages 2.3.3. UserInfo Error Response - Define suitable HTTP status code for invalid_schema error

Issue #670 resolved
Vladimir Dzhuvinov created an issue

The UserInfo error response defines an additional "invalid_schema" error code along the ones specified in OAuth.Bearer, however doesn't suggest an HTTP status code to go along with.

Comments (6)

  1. OpenID Foundation repo owner

    (Reply via

    Any HTTP specific things should go into Standard and not Messages.

    =nat via iPhone

    =nat via iPhone

  2. Vladimir Dzhuvinov reporter

    You're right, the "invalid_schema" error doesn't appear directly related to authorisation. I can however imagine that in terms of parsing UserInfo errors it would be easier to have the same format for all errors.

    But why is the "schema" parameter required for UserInfo requests in the first place? The spec says that the only defined value is "openid", so it seems redundant.

  3. Michael Jones

    We're using schema=openid as a signal for implementations not to use their default schemas when they are different.

    We can add in Standard that 400 Bad Request should be returned as the HTTP error.

  4. Log in to comment