[Openid-specs-mobile-profile] additional CIBA error codes?
Axel.Nennker at telekom.de
Wed Jan 25 13:05:49 UTC 2017
Hi all,
There is a proposal to add the following error codes to CIBA:
general_failure : any unrecognized errors, or system level failures.
consent_failure : user rejected the consent but authenticated successfully.
invalid_polling_token : polling token received by ID GW is erroneous, invalid
response_already_sent : second time re-use of the same polling token.
I think that general_failure is not needed because that is HTTP 500 already.
I think that invalid_polling_token is not needed because that could be just treated as an OAuth2 client authentication failure.
Not sure about the other two. In general, the endpoint should not be too chatty about authentication errors or information about users...
"response_already_sent" is something like an authentication error again.
"consent_failure" gives information about the user which they do not necessarily want to reveal...
WDYT?
//Axel
From: Openid-specs-mobile-profile [mailto:openid-specs-mobile-profile-bounces at lists.openid.net] On Behalf Of Nennker, Axel
Sent: Wednesday, January 25, 2017 1:56 PM
To: openid-specs-mobile-profile at lists.openid.net
Subject: [Openid-specs-mobile-profile] CIBA error codes
Hi all,
Gonza took the time and updated the CIBA error codes.
Please review.
https://xml2rfc.tools.ietf.org/cgi-bin/xml2rfc.cgi?Submit=Submit&format=ascii&mode=html&type=ascii&url=https://bitbucket.org/openid/mobile/raw/tip/draft-mobile-client-initiated-backchannel-authentication.xml?at=default#auth_error_response
kind regards
Axel