I've published draft 06<http://self-issued.info/docs/draft-ietf-oauth-v2-bearer-06.html> of the OAuth Bearer Token Specification<http://self-issued.info/docs/draft-ietf-oauth-v2-bearer.html>. It contains the following changes: * Changed parameter name bearer_token to access_token, per working group consensus. * Changed HTTP status code for invalid_request error code from HTTP 401 (Unauthorized) back to HTTP 400 (Bad Request), per input from HTTP working group experts.
It doesn't change the use of 403 (Forbidden) to (401) Unauthorized as had been discussed as a possibility, also due to input from the same HTTP working group experts. I believe that this addresses all the bearer token specification issues arising from the interim working group meeting and working group discussions since then. The draft is available at these locations: * http://www.ietf.org/internet-drafts/draft-ietf-oauth-v2-bearer-06.pdf * http://www.ietf.org/internet-drafts/draft-ietf-oauth-v2-bearer-06.txt * http://www.ietf.org/internet-drafts/draft-ietf-oauth-v2-bearer-06.xml * http://self-issued.info/docs/draft-ietf-oauth-v2-bearer-06.html * http://self-issued.info/docs/draft-ietf-oauth-v2-bearer-06.pdf * http://self-issued.info/docs/draft-ietf-oauth-v2-bearer-06.txt * http://self-issued.info/docs/draft-ietf-oauth-v2-bearer-06.xml * http://self-issued.info/docs/draft-ietf-oauth-v2-bearer.html (will point to new versions as they are posted) * http://self-issued.info/docs/draft-ietf-oauth-v2-bearer.pdf (will point to new versions as they are posted) * http://self-issued.info/docs/draft-ietf-oauth-v2-bearer.txt (will point to new versions as they are posted) * http://self-issued.info/docs/draft-ietf-oauth-v2-bearer.xml (will point to new versions as they are posted) * http://svn.openid.net/repos/specifications/oauth/2.0/ (Subversion repository, with html, pdf, txt, and html versions available) -- Mike
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
