ietf-wg-gnap/gnap-resource-servers

The text should say when the RS SHALL respond to the client with an authentication header indicating an error

Denisthemalice opened this issue · 3 comments

Section 5 is about "Requesting Resources With Insufficient Access".

This section has been imported from the main document. The second sentence states:

If the client instance calls an RS without an access token, or with an invalid access token, the RS MAY respond to the client instance with an authentication header indicating that GNAP needs to be used to access the resource.

The text should say exactly when the RS SHALL "respond to the client instance with an authentication header indicating that GNAP needs to be used to access the resource". There are other error cases which can be described using less than half a page.

The hierarchy between these error cases should be indicated so that interoperability tests can be performed, i.e. some requests with intentionally included errors should produce the same error results between different implementations.

GNAP cannot definitively define all error responses across all different kinds of GNAP-protected APIs.

At the present time, the header error code that should be returned in the specific case which is being considered is not even indicated.

The RS-to-client communication described in this issue is not relevant to the AS-to-RS communication. Additionally, this was already discussed in 185 and 203 and closed after discussion.