Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

support the spec of 'invalid_token' response #240

Closed

Conversation

Projects
None yet
3 participants
@masarakki
Copy link

commented Jun 6, 2013

WWW-Authenticate header is required when authenticate error.
see it: http://tools.ietf.org/html/rfc6750\#section-3

@sparksp

This comment has been minimized.

Copy link
Contributor

commented Jun 10, 2013

👍

1 similar comment
@tadd

This comment has been minimized.

Copy link

commented Jun 12, 2013

👍

masarakki
support the spec of 'invalid_token' response
WWW-Authenticate header is required when authenticate error.
see it: http://tools.ietf.org/html/rfc6750\#section-3
@masarakki

This comment has been minimized.

Copy link
Author

commented Jun 13, 2013

@sparksp I fixed for your 2 comments, thanks!

@sparksp

This comment has been minimized.

Copy link
Contributor

commented Jun 14, 2013

I made a few more updates based on your initial work to add WWW-Authenticate to all Doorkeeper errors (it's required for all 401 errors, recommended for other errors too). What do you think? https://github.com/crowdlab-uk/doorkeeper/commit/3fb46ca16eb396ef54a551decdc5291a7f0c7e60

Next step is trying to generate 400 and 403's in appropriate places (bad input and insufficient scope).

@masarakki

This comment has been minimized.

Copy link
Author

commented Jun 14, 2013

it's good!
What can I do?

and I already created patch to use 400 when invalid_request,
masarakki@c3d7cf5
but it cares only for 400.

I thought other errors like 403 should be cared by other place, (ErrorResponse.from_request ?)
but it is too complex for me.

@masarakki

This comment has been minimized.

Copy link
Author

commented Nov 29, 2013

#318 is based on it and better, so close it.

@masarakki masarakki closed this Nov 29, 2013

@masarakki masarakki deleted the masarakki:invalid_token_respose branch Aug 25, 2014

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.