- changed status to open
Registration - 5.4 Client Read Error Response
Issue #902
resolved
Currently:
When a read error condition occurs, the Client Configuration Endpoint returns a HTTP 401 Unauthorized status code. This indicates that the Access Token is invalid or the Client record requested is invalid or non-existent.
Is it always the case? Do we not have the cases for 403 etc.?
The example is using 403 by the way.
Comments (5)
- changed milestone to Final
The spec has been updated to describe when to return 401 versus 403. We should consider whether to include WWW-Authenticate in the error response example and change the example response to a 401.
reporter Including WWW-Authenticate would be good.
- changed status to resolved
The WG discussed it and 401 seems to be OK. There does not seem to be any other condition that results in another 40x error. However, the example is using 403, so it needs to be fixed.
Change 403 example to that of 401.