Hello -

In building my OAuth authentication module, I want to create way to provide as much salient feedback as possible to the client while also allowing custom error messages for the server. For example, instead of having a generic 403 (Forbidden) return code and that's it, it would be nice if I could return more detailed information like parameter missing, or signature mismatch, etc.

Additionally, most OAuth clients will be web APIs, so the normal place to put this is in the content payload (an XML response for example). However, the form of the response will change and would prefer to be customized by each server's API developer. For example, a simple one might be to return HTTP code 403 and present one of several detailed messages like this:

[code]
<supercoolapi><statusmessage>Missing parameter consumer_key</statusmessage></supercoolapi>
<supercoolapi><statusmessage>Unknown consumer_key</statusmessage></supercoolapi>
[/code]


... but how do I communicate properly between the plugin (which knows WHY the failure is a failure) and the API developer (who knows how to properly format the message)?

Here is Yahoo's list of error codes returned as an example of the complexity involved
http://developer.yahoo.com/oauth/guide/oauth-errors.html

The only thing I could think of was to have the user supply a "template file" which has some kind of limited variable substitution in it. So it might be something like:

[code]
<supercoolapi><statusmessage>${error_message}</statusmessage></supercoolapi>
[/code]


Is there a better way to do this?

Thanks in advance,

Chris