Scheme is always case-insensitive per 2617. My reasons for using Token:
1. The scheme isn't specific to OAuth (which defines a model for obtaining tokens). It is a generic way to use tokens for authentication. Similar to how services use OAuth today for "2-legged" authentication (using the signature method without an access token at all), I expect services to use the Token scheme. 2. Doesn't conflict with OAuth 1.0, and doesn't require adding oauth_version=2.0 to every request. The fact that 1.0 used a parameter name prefix in the *header* was bad enough. That discussion did not reach any consensus so I used the last proposed text. If people have a problem with that I'll add it to the open issues list. EHL From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Dick Hardt Sent: Sunday, April 18, 2010 9:33 PM To: OAuth WG Subject: [OAUTH-WG] Clarification: Authorization scheme :: Token vs OAuth I recall some earlier discussion on calling the scheme Token vs OAuth and see that it is now Token per the example: Authorization: Token token="vF9dft4qmT" Would explain or point out the logic of using Token rather than OAuth? A related question: is the scheme case sensitive?
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth