[Openid-specs-ab] OP specific error code in authz error response

Tatsuo Kudo t-kudo at nri.co.jp
Fri Dec 17 06:58:33 UTC 2010


Hi,

I was wondering if the Artifact Binding could allow OPs to specify
custom error codes in the "error" parameter described in section 8.5.2
of the specification.  Can anyone clarify that?

I am in the process of designing the APIs of our commercial identity
federation services, which leverage the AB spec, and would like to
utilize the error parameter to indicate some service-specific error
reasons to RPs.

As per the current version of RC3, the OP seems to be prohibited from
including any codes other than those described.  Is it possible to make
some spec changes to include other codes?

 8.5.2.  End-user Denies Authorization or Invalid Request File
 https://openid4.us/specs/ab/#authz_error
----------------------------------------------------------------------
8.5.2.  End-user Denies Authorization or Invalid Request File

    * error - A single error code as described below.
    * request_uri - Set to the exact value received from the RP.
    * state - Set to the exact value received from the RP.

No other parameter SHOULD be returned. The entire URL MUST NOT exceed
512 bytes.

Error codes are as follows:

    * invalid_request - The request is missing a required parameter,
      includes an unsupported parameter or parameter value, or is
      otherwise malformed.

    * invalid_client - The client identifier provided is
      invalid.

    * unauthorized_client - The client is not authorized to use
      the requested response type.

    * redirect_uri_mismatch - The redirection URI provided does not
      match a pre-registered value.

    * access_denied - The end-user or authorization server denied the
      request.

    * unsupported_response_type - The requested response type is not
      supported by the authorization server.

    * invalid_scope - The requested scope is invalid, unknown, or
      malformed.

    * setup_needed - "immediate" request denied so that the user
      interaction was required.
----------------------------------------------------------------------

Thanks,
Tatsuo.
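
An RP-side conformance check for the error response quoted above, added here as an illustration; it is not part of the original message or of the specification. It assumes the parameters arrive in the query string of the RP's redirect URL, and the function name and sample values are constructed for this example.

```python
from urllib.parse import urlsplit, parse_qsl

# Error codes listed in section 8.5.2 as quoted in the message above.
SPEC_ERROR_CODES = frozenset({
    "invalid_request", "invalid_client", "unauthorized_client",
    "redirect_uri_mismatch", "access_denied",
    "unsupported_response_type", "invalid_scope", "setup_needed",
})
ALLOWED_PARAMS = {"error", "request_uri", "state"}
MAX_URL_BYTES = 512

# Constructed sample values the RP sent in its request (not from the page).
SENT_REQUEST_URI = "https://rp.example.com/req/abc123"
SENT_STATE = "af0ifjsldkj"


def check_authz_error(url, sent_request_uri, sent_state):
    """Return (error_code, findings) for an error redirect received by the RP.

    findings lists every deviation from the quoted 8.5.2 text; an empty
    list means the response conforms.
    """
    findings = []
    if len(url.encode("utf-8")) > MAX_URL_BYTES:
        findings.append("url exceeds 512 bytes")
    params = {}
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if name in params:
            findings.append(f"duplicate parameter: {name}")
        params.setdefault(name, value)  # keep the first occurrence only
    for name in sorted(set(params) - ALLOWED_PARAMS):
        findings.append(f"unexpected parameter: {name}")
    error = params.get("error")
    if error is None:
        findings.append("missing error parameter")
    elif error not in SPEC_ERROR_CODES:
        # An OP-specific code, the case the message asks about.
        findings.append(f"error code not in 8.5.2 list: {error}")
    if params.get("request_uri") != sent_request_uri:
        findings.append("request_uri does not match value sent")
    if params.get("state") != sent_state:
        findings.append("state does not match value sent")
    return error, findings
```

An RP that validates this strictly will flag any OP-specific code as a deviation, so both sides of a deployment have to agree on such codes before an OP starts sending them.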
