openid / connect / issues / #902 - Registration - 5.4 Client Read Error Response — Bitbucket

Issue #902 resolved

Nat Sakimura created an issue 2013-11-11

Currently:

When a read error condition occurs, the Client Configuration Endpoint returns a HTTP 401 Unauthorized status code. This indicates that the Access Token is invalid or the Client record requested is invalid or non-existent.

Is it always the case? Do we not have the cases for 403 etc.?

The example is using 403 by the way.

Comments (5)

Nat Sakimura reporter
- changed status to open
WG discussed about it and 401 seems to be ok. There does not seem to be any other condition that result in other 40x error. However, the example is using 403 so it needs to be fixed.

Change 403 example to that of 401.
- 2013-11-11T23:44:06+00:00
Nat Sakimura reporter
- assigned issue to
  
  Michael Jones
- 2013-11-11T23:44:28+00:00
Michael Jones
- changed milestone to Final
The spec has been updated to describe when to return 401 versus 403. We should consider whether to include WWW-Authenticate in the error response example and change the example response to a 401.
- 2013-11-18T23:18:54+00:00
Nat Sakimura reporter
Including WWW-Authenticate would be good.
- 2013-11-21T15:10:09+00:00
Michael Jones
- changed status to resolved
This was fixed by checkins https://bitbucket.org/openid/connect/commits/6a2dc205b443d782c173e0e907fc19e59fe915b2 and https://bitbucket.org/openid/connect/commits/f184a243ed15f8eaaae04f223c7fff659dd18934 .
- 2013-12-17T03:53:11+00:00
Log in to comment

Assignee: Michael Jones

Type: bug

Priority: major

Status: resolved

Component: Registration

Milestone: Final

Version: –

Votes: 0

Watchers: 0

Jira: the preferred issue tracker for Bitbucket. Join the team!