I have suggested before, and I will reiterate that we should define explicitly
how to transport the token in an extensible way if extensions are desired. I
think we shoudl allow both of:
Bearer b64token
and
Bearer token=<quoted string>
The first ensures compatibility with extant implementation, and the second
provides definition for the basics where people want to extend it.
-bill
________________________________
From: Mike Jones <michael.jo...@microsoft.com>
To: Julian Reschke <julian.resc...@gmx.de>
Cc: "oauth@ietf.org" <oauth@ietf.org>
Sent: Wednesday, October 12, 2011 11:39 AM
Subject: Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-08.txt WGLC comments
One possible syntax is:
Bearer access_token=xyz_-123,more_info=pdq
Ultimately though, the format of the bearer token is outside of the scope of
the spec, and up to the participants to determine, including whether to use
b64token syntax or params syntax.
-- Mike
-----Original Message-----
From: Julian Reschke [mailto:julian.resc...@gmx.de]
Sent: Wednesday, October 12, 2011 11:35 AM
To: Mike Jones
Cc: Manger, James H; oauth@ietf.org
Subject: Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-08.txt WGLC comments
On 2011-10-12 20:26, Mike Jones wrote:
> Because b64token is existing practice
> ...
<include-disclaimer-about-maturity-of-internet-drafts/>
Anyway, how do you then send credentials that include the bearer token plus
additional parameters? Example, please.
Best regards, Julian
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
