[Openid-specs-ab] Corrected Registration error response examples to use WWW-Authenticate

Brian Campbell bcampbell at pingidentity.com
Tue Dec 17 13:57:07 UTC 2013


The first example at
http://openid.bitbucket.org/openid-connect-registration-1_0.html#RegistrationError
should be put back to showing the error in JSON in the response body.
invalid_redirect_uri is a registration error which doesn't make sense with
WWW-Authenticate or RFC 6750.

See also Vladimir's and my comments on
https://bitbucket.org/openid/connect/issue/912/registration-33-client-registration-error


On Mon, Dec 16, 2013 at 7:03 PM, Nat Sakimura <sakimura at gmail.com> wrote:

> Assuming the link has been updated, the example code seems to be wrong.
>
> It states:
>
>   HTTP/1.1 400 Bad Request
>   WWW-Authenticate: error="invalid_redirect_uri",
>     error_description="One or more redirect_uri values are invalid"
>   Cache-Control: no-store
>   Pragma: no-cache
>
>
> As you can see, this is missing the required authorization schema, which
> in our case is "Bearer".
> The same is true for the ReadError.
>
> RFC6750 states the example correctly as:
>
>      HTTP/1.1 401 Unauthorized
>      WWW-Authenticate: Bearer realm="example",
>                        error="invalid_token",
>                        error_description="The access token expired"
>
>
>
>
> Best,
>
> Nat
>
>
> 2013/12/16 Mike Jones <Michael.Jones at microsoft.com>
>
>>   The Registration error responses are specified to return errors using
>> the mechanism defined in RFC 6750, but the examples didn’t do this.  This
>> has now been corrected.
>>
>>
>>
>> See
>> http://openid.bitbucket.org/openid-connect-registration-1_0.html#RegistrationError
>> and
>> http://openid.bitbucket.org/openid-connect-registration-1_0.html#ReadError
>> .
>>
>>
>>
>>                                                             -- Mike
>>
>>
>>
>> _______________________________________________
>> Openid-specs-ab mailing list
>> Openid-specs-ab at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>
>>
>
>
> --
> Nat Sakimura (=nat)
> Chairman, OpenID Foundation
> http://nat.sakimura.org/
> @_nat_en
>
>
>
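The two objections raised in this thread (a WWW-Authenticate challenge with no auth-scheme, and a registration error code carried in that header rather than in a JSON body) can be checked mechanically. The following is an added example, not code from the specification or from any message above; the function names are hypothetical, and the third sample response is constructed to show the JSON-body form the top message asks for.

```python
import json
import re
RFC6750_ERRORS = {"invalid_request", "invalid_token", "insufficient_scope"}
PARAM = re.compile(r'([A-Za-z0-9_-]+)\s*=\s*"([^"]*)"')   # quoted auth-params only

def parse_response(raw):
    """Split a raw HTTP response into (status, headers, body), unfolding header lines."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    status, headers, last = int(lines[0].split()[1]), {}, None
    for line in lines[1:]:
        if line[:1] in (" ", "\t") and last:      # continuation of the previous header
            headers[last] += " " + line.strip()
        else:
            name, _, value = line.partition(":")
            last = name.strip().lower()
            headers[last] = value.strip()
    return status, headers, body

def lint_error_response(raw):
    """Return the problems found in an error response; an empty list means none."""
    status, headers, body = parse_response(raw)
    problems = []
    challenge = headers.get("www-authenticate")
    if challenge is not None:
        first = challenge.split(None, 1)[0] if challenge.strip() else ""
        if not first or "=" in first:             # header starts with a param, not a scheme
            problems.append("WWW-Authenticate has no auth-scheme (expected Bearer)")
        code = dict(PARAM.findall(challenge)).get("error")
        if code is not None and code not in RFC6750_ERRORS:
            problems.append(f"{code!r} is not an RFC 6750 error code; report it in the JSON body")
    elif status == 400:
        try:
            ok = isinstance(json.loads(body).get("error"), str)
        except (ValueError, AttributeError):
            ok = False
        if not ok:
            problems.append("400 response has no JSON body with an 'error' member")
    return problems

# Samples: the first two are the examples quoted in the thread, the third is constructed.
AS_POSTED = ('HTTP/1.1 400 Bad Request\nWWW-Authenticate: error="invalid_redirect_uri",\n'
             '  error_description="One or more redirect_uri values are invalid"\n'
             'Cache-Control: no-store\nPragma: no-cache\n\n')
RFC6750_EXAMPLE = ('HTTP/1.1 401 Unauthorized\nWWW-Authenticate: Bearer realm="example",\n'
                   '  error="invalid_token",\n  error_description="The access token expired"\n\n')
JSON_BODY = ('HTTP/1.1 400 Bad Request\nContent-Type: application/json\nCache-Control: no-store\n\n'
             '{"error": "invalid_redirect_uri", '
             '"error_description": "One or more redirect_uri values are invalid"}')
```

Calling `lint_error_response(AS_POSTED)` reports both problems, while the RFC 6750 example and the JSON-body form return an empty list.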