[Openid-specs-ab] Corrected Registration error response examples to use WWW-Authenticate

Nat Sakimura sakimura at gmail.com
Tue Dec 17 02:03:02 UTC 2013


Assuming the link has been updated, the example code seems to be wrong.

It states:

  HTTP/1.1 400 Bad Request
  WWW-Authenticate: error="invalid_redirect_uri",
    error_description="One or more redirect_uri values are invalid"
  Cache-Control: no-store
  Pragma: no-cache


As you can see, this is missing the required authorization schema, which in
our case is "Bearer".
The same is true for the ReadError.

RFC6750 states the example correctly as:

     HTTP/1.1 401 Unauthorized
     WWW-Authenticate: Bearer realm="example",
                       error="invalid_token",
                       error_description="The access token expired"




Best,

Nat


2013/12/16 Mike Jones <Michael.Jones at microsoft.com>

>  The Registration error responses are specified to return errors using
> the mechanism defined in RFC 6750, but the examples didn’t do this.  This
> has now been corrected.
>
>
>
> See
> http://openid.bitbucket.org/openid-connect-registration-1_0.html#RegistrationError and
> http://openid.bitbucket.org/openid-connect-registration-1_0.html#ReadError
> .
>
>
>
>                                                             -- Mike


-- 
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en
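
Added example, not part of the original message or of the OpenID Connect specification: a Python check for the defect pointed out above, a WWW-Authenticate value that begins with an auth-param instead of an auth-scheme. It handles one challenge per header value; the function and constant names are chosen for this example, and requiring an `error` parameter is an assumption about what an error-response check should enforce.

```python
import re

# RFC 7230 "token" characters: used for the auth-scheme and parameter names.
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
# A scheme is a token followed by whitespace (or end of value), never by "=".
SCHEME = re.compile(rf"({TOKEN})(?:\s+|$)(?!=)")
# One auth-param: name "=" (quoted-string | token), then "," or end of value.
PARAM = re.compile(rf'\s*({TOKEN})\s*=\s*(?:"((?:[^"\\]|\\.)*)"|({TOKEN}))\s*(?:,|$)')

# Header values quoted in the message above (continuation lines kept).
DRAFT_EXAMPLE = ('error="invalid_redirect_uri",\n'
                 '  error_description="One or more redirect_uri values are invalid"')
RFC6750_EXAMPLE = ('Bearer realm="example",\n'
                   '  error="invalid_token",\n'
                   '  error_description="The access token expired"')


def parse_challenge(value):
    """Split a single-challenge WWW-Authenticate value into (scheme, params)."""
    value = " ".join(value.split())  # unfold continuation lines
    m = SCHEME.match(value)
    if not m:
        raise ValueError("missing auth-scheme before the first auth-param")
    scheme, pos, params = m.group(1), m.end(), {}
    while pos < len(value):
        p = PARAM.match(value, pos)
        if not p:
            raise ValueError(f"malformed auth-param at offset {pos}")
        raw = p.group(2) if p.group(2) is not None else p.group(3)
        params[p.group(1).lower()] = re.sub(r"\\(.)", r"\1", raw)  # unescape
        pos = p.end()
    return scheme, params


def check_bearer_error(value):
    """Return the problems found in an RFC 6750-style error challenge."""
    try:
        scheme, params = parse_challenge(value)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if scheme.lower() != "bearer":
        problems.append(f"auth-scheme is {scheme!r}, expected 'Bearer'")
    if "error" not in params:
        problems.append("no error parameter")
    return problems


if __name__ == "__main__":
    for name, header in (("draft", DRAFT_EXAMPLE), ("RFC 6750", RFC6750_EXAMPLE)):
        print(name, check_bearer_error(header) or "ok")
```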