Registration - 3.3. Client Registration Error Response example is missing schema

Comments (4)

1. 

   Michael Jones

   • changed status to resolved

   Fixed #912 - Added missing "Bearer" authorization scheme to the WWW-Authenticate responses. Use defined term Grant Type.

   → <<cset f184a243ed15>>

   • 2013-12-17T03:41:18+00:00
2. 

   Vladimir Dzhuvinov

   Hi guys,

   The original example was wrong, but I believe the fix was incorrect:

   http://openid.bitbucket.org/openid-connect-registration-1_0.html#RegistrationError

   When a registration error condition occurs, the Client Registration Endpoint returns a HTTP 400 Bad request status code including a JSON object describing the error in the response body.

   Therefore, for a invalid_redirect_uri the error object should be put into the body, and not tweaked into the WWW-Authenticate header.

   You can also have a look at http://tools.ietf.org/html/draft-ietf-oauth-dyn-reg-14#section-5.2

   HTTP/1.1 400 Bad Request
   Content-Type: application/json
   Cache-Control: no-store
   Pragma: no-cache
   
   {
    "error":"invalid_redirect_uri",
    "error_description":"The redirect URI of http://sketchy.example.com is not allowed for this server."
   }
   

   • 2013-12-17T09:43:45+00:00
3. 

   Brian Campbell

   @vdzhuvinov is correct here. The registration error responses should return errors using the mechanism defined in RFC 6750 only for errors related to OAuth access token. WWW-Authenticate and headers should not be overloaded to try and convey application level errors in registration.

   • 2013-12-17T13:49:06+00:00
4. 

   Michael Jones

   Fixed #912 - Correct registration error example to return error in JSON body

   → <<cset b1162b380763>>

   • 2013-12-17T16:23:51+00:00
5. Log in to comment