I believe those examples are okay.

The content in the post body is the grant while the HTTP Basic
Authorization header is the client authentication. They are two
different things.

On Mon, Jul 25, 2011 at 10:27 PM, Mike Jones
<michael.jo...@microsoft.com> wrote:
> In sections 4.1.3, 4.3.2, 4.4.2, and 6 of draft -20, the examples contain
> both the line “Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW” and
> credentials in the post body.  For instance, the example from 4.3.2 is:
>
>      POST /token HTTP/1.1
>      Host: server.example.com
>      Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
>      Content-Type: application/x-www-form-urlencoded;charset=UTF-8
>
>      grant_type=password&username=johndoe&password=A3ddj3w
>
> I believe that the “Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW” line
> should be deleted from all of these examples, as you either use Basic or
> credentials in the post body, but not both.
>
> Thanks,
> -- Mike
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
>