Registration - 5.4 Client Read Error Response

Issue #902 resolved
Nat Sakimura
created an issue

Currently:

When a read error condition occurs, the Client Configuration Endpoint returns a HTTP 401 Unauthorized status code. This indicates that the Access Token is invalid or the Client record requested is invalid or non-existent.

Is it always the case? Do we not have the cases for 403 etc.?

The example is using 403 by the way.

Comments (5)

  1. Nat Sakimura reporter
    • changed status to open

    WG discussed about it and 401 seems to be ok. There does not seem to be any other condition that result in other 40x error. However, the example is using 403 so it needs to be fixed.

    Change 403 example to that of 401.

  2. Michael Jones
    • changed milestone to Final

    The spec has been updated to describe when to return 401 versus 403. We should consider whether to include WWW-Authenticate in the error response example and change the example response to a 401.

  3. Log in to comment