Yes, it covers all the characters legal in URIs. Per earlier discussion on the
list, scopes are not restricted to being URIs, as existing practice includes
scope elements that are not URIs such as "email" "profile", and "openid".
-- Mike
-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of
Marius Scurtescu
Sent: Wednesday, October 19, 2011 10:24 AM
To: Julian Reschke
Cc: OAuth WG
Subject: Re: [OAUTH-WG] draft-ietf-oauth-v2-bearer-09: Open Issues & Proposed
Resolutions
Marius
On Tue, Oct 18, 2011 at 9:39 AM, Julian Reschke <[email protected]> wrote:
> On 2011-10-18 17:38, Eran Hammer-Lahav wrote:
>>
>> Space is allowed inside a quoted string and is already not allowed
>> inside each scope string.
>>
>> EHL
>> ...
>
> a) yes.
>
> b) well:
>
> The value of the scope parameter is expressed as a list of space-
> delimited, case sensitive strings. The strings are defined by the
> authorization server. If the value contains multiple
> space-delimited
> strings, their order does not matter, and each string adds an
> additional access range to the requested scope.
>
> That certainly implies that you can't have a space inside a token, but
> it could be clearer.
>
> Optimally, state the character repertoire precisely:
>
> scopetokenchar = %x21 / %x23-5B / %x5D-7E
> ; HTTPbis P1 qdtext except whitespace, restricted to US-ASCII
>
> ?
Is this covering all characters allowed in a URI? Why not define scopes as a
list of URIs?
>
> Best regards, Julian
> _______________________________________________
> OAuth mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/oauth
>
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
