RFC Errata
RFC 7644, "System for Cross-domain Identity Management: Protocol", September 2015
Source of RFC: scim (sec)
Errata ID: 5295
Status: Reported
Type: Technical
Publication Format(s) : TEXT
Reported By: Marcel van den Dungen
Date Reported: 2018-03-22
Section 3.5.2.1 says:
If the user was already a member of this group, no changes should be made to the resource, and a success response should be returned. The server responds with either the entire updated Group or no response body: HTTP/1.1 204 No Content Authorization: Bearer h480djs93hd8 ETag: W/"b431af54f0671a2" Location: "https://example.com/Groups/acbf3ae7-8463-...-9b4da3f908ce"
It should say:
If the user was already a member of this group, no changes should be made to the resource, and a success response should be returned. The server responds with either the entire updated Group or no response body: HTTP/1.1 204 No Content ETag: W/"b431af54f0671a2"
Notes:
The Authorization header is a request header and should not be included in a response.
The Location header is used to redirect a client to a new location or indicate the location of a new resource. Neither is the case here, so the header should be omitted.
Also, it's unclear from the text whether it's valid to respond with 204 No Content if the user was successfully added to the group.