oauth - Java OAuth2 Provider Implementation | Custom Errors


I have searched high and low for an answer to this question, so I'm reaching out to the community.

  • I'm trying to build an OAuth2 access token endpoint in Java.
  • I'll be implementing the resource owner credentials grant type to return an access token (specifying the end-user's username/password for an access token).
  • During authentication of the user credentials, a number of rules can prevent the user from having access to the web service, such as the user account being locked.
  • The OAuth2 RFC says errors must be returned as follows:
    { "error":"invalid_request", "error_description":"description", "error_uri":"some_link" }
  • It's my understanding that the OAuth spec lists standard error codes and that I should avoid custom error codes in the response, e.g. {"error":"account_locked"}; however, I've seen API providers do this.
  • I need clients of the API to be able to read the error code in the response to know when the account is locked (or other specific scenarios).

    Now my questions are:
  • Does anyone here have experience that suggests how this scenario should be implemented?
  • Should I implement custom error codes?
  • Should I forget the OAuth2 spec and build a /token endpoint that does the same thing: authenticates the user, generates a token, and returns the API's standard error response?

  1. I don't have the same scenario. I won't use custom error codes since that violates OAuth2. Instead, you may consider using the "error_description" field as the error-code field in this case; or you can add a biz_error_code field.

  2. Yes, you can forget OAuth2 if it is not flexible enough in terms of HTTP status code and error_code. You will end up building something similar to OAuth2's 'password' grant_type, with an access token and refresh token.
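An added example, not code from the question or either answer, of what answer 1's suggestion looks like in Java: the /token error response keeps the `error` value within RFC 6749's registered codes and carries the account-locked detail in an extension parameter (`biz_error_code`, the name the answer proposes). The `AuthOutcome` enum, the class name and the description strings are assumptions for the example.

```java
import java.util.LinkedHashMap;
import java.util.Map;

/** Builds an RFC 6749 section 5.2 error response body for the /token endpoint. */
public final class TokenErrorResponse {

    /** Internal outcomes of the resource-owner credential check (hypothetical names). */
    public enum AuthOutcome { BAD_CREDENTIALS, ACCOUNT_LOCKED, UNSUPPORTED_GRANT, MISSING_PARAMETER }

    private final int httpStatus;
    private final Map<String, String> fields = new LinkedHashMap<>();

    private TokenErrorResponse(int httpStatus, String error, String description) {
        this.httpStatus = httpStatus;
        fields.put("error", error);                   // always one of the RFC's registered codes
        fields.put("error_description", description); // human-readable, kept short and non-sensitive
    }

    /** Map an internal outcome to a standard error; the specific reason goes in an
     *  extension parameter rather than in a non-standard "error" value. */
    public static TokenErrorResponse from(AuthOutcome outcome) {
        switch (outcome) {
            case MISSING_PARAMETER:
                return new TokenErrorResponse(400, "invalid_request", "Missing required parameter");
            case UNSUPPORTED_GRANT:
                return new TokenErrorResponse(400, "unsupported_grant_type", "Unsupported grant_type");
            case ACCOUNT_LOCKED: {
                TokenErrorResponse r = new TokenErrorResponse(400, "invalid_grant", "The account is locked");
                r.fields.put("biz_error_code", "account_locked"); // extension parameter, not a custom "error"
                return r;
            }
            default:
                return new TokenErrorResponse(400, "invalid_grant", "Invalid resource owner credentials");
        }
    }

    public int httpStatus() { return httpStatus; }

    /** Minimal JSON serialization with string escaping; a real endpoint would use a JSON library. */
    public String toJson() {
        StringBuilder sb = new StringBuilder("{");
        for (Map.Entry<String, String> e : fields.entrySet()) {
            if (sb.length() > 1) sb.append(',');
            sb.append('"').append(escape(e.getKey())).append("\":\"").append(escape(e.getValue())).append('"');
        }
        return sb.append('}').toString();
    }

    private static String escape(String s) {
        return s.replace("\\", "\\\\").replace("\"", "\\\"").replace("\n", "\\n");
    }
}
```

The body is sent with status `httpStatus()`, `Content-Type: application/json` and `Cache-Control: no-store`, as the RFC requires for token responses; a client that only knows the spec still gets a valid `invalid_grant`, while one that knows `biz_error_code` can distinguish the locked case.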

