Can anyone point me to good reference material for understanding the
Authorization header in Section 5.1 of the OAuth 2.0 draft 8
spechttp://tools.ietf.org/id/draft-ietf-oauth-v2-08.html#authz_header
and
the WWW-Authenticate section 6?
Specifically, some questions I have are:
1. How to
I don't remember where I found it before, but OWS is Optional White
Space, and RWS is Required White Space. There is also no BNF to define
access_token or refresh_token.
For this spec to be implementable all this stuff has to be explicitly
defined
would your proposal allow to issue and use HMAC Verification Keys in the
same way as the old token secrets, i.e. an AS would issue such keys
along with tokens to the OAuth client? A special key id could be used to
indicate this scenario.
regards,
Torsten.
Am 21.06.2010 09:04, schrieb Dirk
