This wiki is no longer active and is left here for historical purposes. Please visit oauth.net for up-to-date information.
 

ProblemReporting

Saved by PBworks
on October 9, 2007 at 1:28:40 pm
 

Extension: Problem Reporting

 

This is an extension to OAuth, defining how a Service Provider can report a problem to a Consumer. This enables the Consumer to provide a more satisfying experience to the User, by resolving the problem quietly or giving the User actionable advice for resolving the problem.

 

To discuss this extension, please use the API failure handling thread in the Google Group OAuth Extensions.

 

A Service Provider MAY report a problem by including the following parameters in any HTTP response. These parameters SHOULD be included in an OAuth WWW-Authenticate header (per OAuth section 5.4.2), and MAY also be included in the response body (per OAuth section 5.3). These parameters MAY be sent in both the header and body of the same response, in which case these parameters SHOULD be identical in these two places.

 

The parameter named oauth_problem is a positive number in decimal notation. Its permitted values and their meanings are:

 

  1. the oauth_version isn't supported by the Service Provider. In this case, the response SHOULD also contain an oauth_acceptable_versions parameter (described below).
  2. the oauth_consumer_key is unknown to the Service Provider.
  3. the oauth_consumer_key is permanently unacceptable to the Service Provider. For example, the Consumer may be blacklisted.
  4. the oauth_consumer_key is temporarily unacceptable to the Service Provider. For example, the Service Provider may be throttling the Consumer.
  5. the oauth_token has been consumed. That is, it can't be used any more because it has already been used in a previous request or requests.
  6. the oauth_token has expired. That is, it was issued too long ago to be used now.
  7. the oauth_token is unacceptable to the Service Provider. The reason is unspecified. It might mean that the token was never issued, or that it was consumed or expired and then subsequently forgotten by the Service Provider.
  8. the oauth_signature_method is unacceptable to the Service Provider.
  9. the oauth_timestamp value is unacceptable to the Service Provider. In this case, the response SHOULD also contain an oauth_acceptable_timestamps parameter (described below).
  10. the oauth_nonce value was used in a previous request, and consequently can't be used now.

 

Other values of oauth_problem MUST NOT be used. However, a Consumer SHOULD be prepared to receive other values, from a Service Provider that implements a future version of problem reporting.

 

The parameter named oauth_acceptable_versions consists of two version numbers separated by '-' (hyphen). It's the range of versions acceptable to the sender. That is, it means the sender will currently accept an oauth_version that's not less than the first number and not greater than the second number. A version A.B is considered greater than C.D if either A > C, or A = C and B > D.

 

The parameter named oauth_acceptable_timestamps consists of two numbers in decimal notation, separated by '-' (hyphen). It's the range of timestamps acceptable to the sender. That is, it means the sender will currently accept an oauth_timestamp that's not less than the first number and not greater than the second number.

 

The parameter named oauth_problem_advice consists of free-form text to be shown to the User. It SHOULD describe the problem in a way that's meaningful to the User, and suggest how to resolve the problem. The Consumer MUST NOT interpret it as HTML or any other markup language; all the characters MUST be displayed to the user. To indicate a line break, the single character LF (Unicode U+000A) MUST be used.
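A Consumer-side sketch of handling these parameters, added here as an illustration and not part of the extension text. It assumes header values are double-quoted and percent-encoded as in the OAuth Authorization header format, and that the Consumer shows advice in an HTML page; the problem labels, function names and sample header are this example's own.

```python
import html
import re
from urllib.parse import unquote

# Codes 1-10 as listed above; the labels are names chosen for this example.
PROBLEMS = {1: "version_rejected", 2: "consumer_key_unknown",
            3: "consumer_key_refused", 4: "consumer_key_throttled",
            5: "token_consumed", 6: "token_expired", 7: "token_rejected",
            8: "signature_method_rejected", 9: "timestamp_refused", 10: "nonce_used"}

# Constructed sample WWW-Authenticate value (not captured from a real provider).
SAMPLE = ('OAuth realm="http://sp.example.com/", oauth_problem="9", '
          'oauth_acceptable_timestamps="1191936000-1191936600", '
          'oauth_problem_advice="Check%20your%20clock.%0A%3Cb%3ERetry%3C%2Fb%3E"')

def parse_oauth_header(value):
    """Parse 'OAuth k="v", ...' into a dict, percent-decoding each value."""
    scheme, _, rest = value.strip().partition(" ")
    if scheme.lower() != "oauth":
        return {}
    return {k: unquote(v) for k, v in re.findall(r'([\w.-]+)="([^"]*)"', rest)}

def _version(text):
    major, minor = text.strip().split(".")
    return int(major), int(minor)   # tuple order: A > C, or A = C and B > D

def parse_range(text, convert):
    low, high = text.split("-")     # ValueError unless exactly two parts
    return convert(low), convert(high)

RANGES = {1: ("oauth_acceptable_versions", _version),
          9: ("oauth_acceptable_timestamps", int)}

def interpret(params):
    """Return (label, range_or_None); hostile or malformed input never raises."""
    raw = params.get("oauth_problem", "")
    if not (raw.isascii() and raw.isdigit()) or int(raw) < 1:
        return None, None           # absent, or not a positive decimal number
    label = PROBLEMS.get(int(raw), "unknown_problem")   # tolerate future codes
    name, convert = RANGES.get(int(raw), (None, None))
    try:
        detail = parse_range(params[name], convert) if name in params else None
    except ValueError:
        detail = None               # malformed range: keep label, drop detail
    return label, detail

def advice_as_html(params):
    """Escape advice so every character is displayed; LF becomes a line break."""
    return html.escape(params.get("oauth_problem_advice", "")).replace("\n", "<br>")
```

Escaping before converting LF keeps any markup in the advice visible as literal characters instead of letting the Service Provider's text run as HTML in the Consumer's page.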
