> 5) Section 3 ABNF allows "realm=foo;realm=bar;scope=baz;error=123" > is that ok? Is processing clear for all cases? I don't think it > is.
The ABNF does not allow that. It requires commas as separators, not semi-colons. It requires double quotes around values. The only possible ambiguity in this example is the duplicate realms, but that parameter isn't even defined in this spec (it is defined in draft-ietf-httpbis-p7-auth)! I guess that spec could try to explicitly define behaviour in the case of this particular error, but it may have to explicitly describe a lot of other error cases as well. -- James Manger _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth