Messages 2.3.3. UserInfo Error Response - Define suitable HTTP status code for invalid_schema error

Comments (6)

1. 

   Vladimir Dzhuvinov reporter

   • edited description

   • 2012-10-22T13:24:09+00:00
2. 

   OpenID Foundation repo owner

   (Reply via n...@sakimura.org):

   Any HTTP specific things should go into Standard and not Messages.

   =nat via iPhone

   =nat via iPhone

   • 2012-10-22T15:00:05+00:00
3. 

   Brian Campbell

   Okay but Messages directly references http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-23#section-3.1 (soon to be http://tools.ietf.org/html/rfc6750#section-3.1) here which is itself completely HTTP specific.

   Anyway, it seems inappropriate for The UserInfo endpoint to use the OAuth.Bearer error mechanism for non-oauth endpoint specific errors.

   • 2012-10-23T14:35:53+00:00
4. 

   Vladimir Dzhuvinov reporter

   You're right, the "invalid_schema" error doesn't appear directly related to authorisation. I can however imagine that in terms of parsing UserInfo errors it would be easier to have the same format for all errors.

   But why is the "schema" parameter required for UserInfo requests in the first place? The spec says that the only defined value is "openid", so it seems redundant.

   • 2012-10-24T05:36:24+00:00
5. 

   Michael Jones

   • assigned issue to
     
     Edmund Jay

   We're using schema=openid as a signal for implementations not to use their default schemas when they are different.

   We can add in Standard that 400 Bad Request should be returned as the HTTP error.

   • 2012-11-05T23:38:49+00:00
6. 

   Edmund Jay

   • changed status to resolved

   fixes #670: Messages 2.3.3. UserInfo Error Response - Define suitable HTTP status code for invalid_schema error

   → <<cset 005aad067e97>>

   • 2012-11-20T01:00:41+00:00
7. Log in to comment