What does this mean for the HTTP Authorization header naming scheme for bearer 
tokens?

As I understand this decision, we are discussing whether to standardize on the 
name "access_token" when a bearer token is sent as either a URL query 
parameter, or in a form POSTed body? 

Currently the HTTP Authorization header looks like this (from 
http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-05):

GET /resource HTTP/1.1
Host: server.example.com
Authorization: Bearer vF9dft4qmT

Is the proposal then that we have:

1. GET /resource?access_token=vF9dft4qmT

2. POST /resource

   access_token=vF9dft4qmT&...

3. GET /resource HTTP/1.1
   Host: server.example.com
   Authorization: access_token vF9dft4qmT

Can someone actually give the details of the proposal, or agree/disagree with 
the examples above?

- John

On Jun 10, 2011, at 2:58 PM, George Fletcher wrote:

> Yes, that's fine with me. 
> 
> Thanks,
> George
> 
> On 6/10/11 4:20 AM, David Recordon wrote:
>> George, Doug and Eran are you alright with the Bearer token spec using
>> the parameter name "access_token" as well?
>> 
>> 
>> On Wed, Jun 8, 2011 at 4:50 PM, Marius Scurtescu 
>> <mscurte...@google.com>
>>  wrote:
>> 
>>> On Wed, Jun 1, 2011 at 1:14 PM, Mike Jones <michael.jo...@microsoft.com>
>>>  wrote:
>>> 
>>>> If you can drive a consensus decision for the name "access_token", I'd be 
>>>> glad to change the name in the spec.  I agree that the current names are 
>>>> confusing for developers.
>>>> 
>>> At Google we are getting the same feedback, that it is confusing for
>>> developers. It would definitely help if we could change the name to
>>> "access_token".
>>> 
>>> Marius
>>> 
>>> 
> 
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth

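An added example, not part of the thread or of the draft: a resource-server helper that accepts the three transports John lists. It assumes the header keeps the "Bearer" scheme from the quoted draft request and that the query and form parameter is named "access_token". The function name, the error class and the choice to reject a token sent in more than one place are this example's own.

```python
from urllib.parse import parse_qs, urlsplit

FORM = "application/x-www-form-urlencoded"


class TokenError(ValueError):
    """Raised when a request carries malformed or duplicated credentials."""


def extract_bearer_token(method, target, headers, body=b""):
    """Return (source, token) for the request, or None if no token was sent."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    found = []

    # Authorization header. Assumption: scheme is "Bearer", as in the draft
    # request quoted in the message; any other scheme is not treated as a token.
    auth = hdrs.get("authorization")
    if auth is not None:
        scheme, _, value = auth.strip().partition(" ")
        if scheme.lower() == "bearer":
            if not value.strip():
                raise TokenError("empty Bearer credentials")
            found.append(("header", value.strip()))

    # URL query parameter. Assumption: the parameter is named access_token.
    query = parse_qs(urlsplit(target).query)
    found += [("query", v) for v in query.get("access_token", [])]

    # Form-encoded POST body, same parameter name.
    ctype = hdrs.get("content-type", "").split(";")[0].strip().lower()
    if method.upper() == "POST" and ctype == FORM:
        form = parse_qs(body.decode("ascii"))
        found += [("body", v) for v in form.get("access_token", [])]

    # Refuse ambiguous requests instead of silently choosing one value.
    if len(found) > 1:
        sources = ", ".join(src for src, _ in found)
        raise TokenError("token sent more than once: " + sources)
    return found[0] if found else None
```

Returning the source next to the token lets the caller apply transport-specific policy, for example keeping query-string tokens out of access logs.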