Example of WWW-Authenticate response should be HTTP 401 #64

Open
aaronpk opened this issue Apr 9, 2025 · 0 comments · May be fixed by #65

aaronpk commented Apr 9, 2025

https://www.ietf.org/archive/id/draft-ietf-oauth-resource-metadata-13.html#section-5.1

The HTTP response code is 400 in the example in this section. However, the error description is "No access token was provided in this request". According to the error codes section of RFC6750, if no access token is provided, the RS should not include an error code at all, and should respond with HTTP 401.

I recommend we update the example in the RS Metadata draft to be consistent with RFC6750, since RS Metadata refers to that draft for the error codes already:

The HTTP status code and error string in the example response above are defined by [RFC6750].
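
An added example, not part of the issue or of either specification: a resource-server helper that picks the status code and `WWW-Authenticate` value following the RFC 6750 rules the issue cites, so a request with no token gets 401 and no `error` attributes. The function name, the `presented` flag and the metadata URL are assumptions made for illustration.

```python
# Added example: choose the HTTP status and Bearer challenge for a rejected
# request, following RFC 6750 section 3 and 3.1.
from typing import Optional, Tuple

# Constructed sample value (assumption, not taken from a real deployment).
METADATA_URL = "https://resource.example.com/.well-known/oauth-protected-resource"

# RFC 6750 section 3.1: error code -> HTTP status code.
STATUS_FOR_ERROR = {
    "invalid_request": 400,
    "invalid_token": 401,
    "insufficient_scope": 403,
}


def _quoted(value: str) -> str:
    """Wrap value in double quotes; RFC 6750 attribute values may only use
    printable ASCII other than the double quote and the backslash."""
    if any(not (0x20 <= ord(c) <= 0x7E) or c in '"\\' for c in value):
        raise ValueError(f"character not allowed in attribute value: {value!r}")
    return f'"{value}"'


def bearer_challenge(presented: bool,
                     error: Optional[str] = None,
                     description: Optional[str] = None) -> Tuple[int, str]:
    """Return (status, WWW-Authenticate value) for a rejected request.

    presented: whether the request carried any access token at all.
    error/description: outcome of token validation; ignored when no token
    was presented, because then no error information should be sent.
    """
    params = []
    if not presented:
        # No authentication information: plain 401, no error attributes.
        status = 401
    else:
        if error not in STATUS_FOR_ERROR:
            raise ValueError(f"not an RFC 6750 error code: {error!r}")
        status = STATUS_FOR_ERROR[error]
        params.append("error=" + _quoted(error))
        if description:
            params.append("error_description=" + _quoted(description))
    # The metadata pointer is included in every challenge.
    params.append("resource_metadata=" + _quoted(METADATA_URL))
    return status, "Bearer " + ", ".join(params)
```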
