Re: [OAUTH-WG] consistency of token param name in bearer token type

Fri, 10 Jun 2011 06:13:09 -0700

I definitely don't want to change the Authorization header naming scheme. I believe it should stay 'Bearer' because that's what the token is. We could make it... 

Authorization: Bearer access_token=vF9dft4qmT
If that helps with consistency. I don't think we should be associating the term 'access_token' with the bearer security mechanism. 

Thanks,
George

On 6/10/11 8:35 AM, John Kemp wrote:

What does this mean for the HTTP Authorization header naming scheme for bearer 
tokens?

As I understand this decision, we are discussing whether to standardize on the name 
"access_token" when a bearer token is sent as either a URL query parameter, or 
in a form POSTed body?

Currently the HTTP Authorization header looks like this (from 
http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-05):

GET /resource HTTP/1.1
Host: server.example.com
Authorization: Bearer vF9dft4qmT

Is the proposal then that we have:

1. GET /resource?access_token=vF9dft4qmT
2. POST /resource

access_token=vF9dft4qmT&...

3.

GET /resource HTTP/1.1
Host: server.example.com
Authorization: access_token vF9dft4qmT

Can someone actually give the details of the proposal, or agree/disagree with 
the examples above?

- John

On Jun 10, 2011, at 2:58 PM, George Fletcher wrote:


Yes, that's fine with me.

Thanks,
George

On 6/10/11 4:20 AM, David Recordon wrote:

George, Doug and Eran are you alright with the Bearer token spec using
the parameter name "access_token" as well?


On Wed, Jun 8, 2011 at 4:50 PM, Marius Scurtescu
<mscurte...@google.com>
  wrote:


On Wed, Jun 1, 2011 at 1:14 PM, Mike Jones<michael.jo...@microsoft.com>
  wrote:


If you can drive a consensus decision for the name "access_token", I'd be glad 
to change the name in the spec.  I agree that the current names are confusing for 
developers.


At Google we are getting the same feedback, that it is confusing for
developers. It would definitely help if we could change the name to
"access_token".

Marius



_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth



_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Reply via email to