Messages 2.3.3. UserInfo Error Response - Define suitable HTTP status code for invalid_schema error

Issue #670 resolved
Vladimir Dzhuvinov
created an issue

The UserInfo error response defines an additional "invalid_schema" error code alongside the ones specified in OAuth.Bearer; however, it doesn't suggest an HTTP status code to go along with it.

Comments (6)

  1. Vladimir Dzhuvinov reporter

    You're right, the "invalid_schema" error doesn't appear directly related to authorisation. I can however imagine that in terms of parsing UserInfo errors it would be easier to have the same format for all errors.

    But why is the "schema" parameter required for UserInfo requests in the first place? The spec says that the only defined value is "openid", so it seems redundant.

  2. Michael Jones

    We're using schema=openid as a signal for implementations not to use their default schemas when they are different.

    We can add in Standard that 400 Bad Request should be returned as the HTTP error.
